From: Linus Torvalds <torvalds-AT-osdl.org>
To: Douglas Gilbert <dougg-AT-torque.net>
Subject: Re: cd burning with plextor drives.
Date: Sat, 29 Jul 2006 11:54:35 -0700 (PDT)
Cc: James Bottomley <James.Bottomley-AT-SteelEye.com>,
    Jens Axboe <axboe-AT-suse.de>, Dave Jones <davej-AT-redhat.com>,

On Sat, 29 Jul 2006, Douglas Gilbert wrote:

> Command filtering has always been dubious.

No it has not.

Command filtering falls under the _very_ non-dubious heading of "of
_course_ we have to do it". There is absolutely zero doubt about it at

You literally have two choices:

 - you can filter commands
 - you can disallow all command access for non-specific-capability users.

Those are the two choices. There really is no third choice. The only
question is the details of _how_ you do the filtering and/or disallowing.

> If a user has read write permissions on
> a full device (not just a partition in it) why shouldn't
> they be able to send any (SCSI/ATA/...) pass through
> command to it?

They have read-write access to the PLATTER.

The fact that you may have access to write data to a disk does _not_ mean
that you must necessarily be able to set the password on the disk so that
nobody else can ever read or write data to that disk without your

Quite frankly, if you don't see that as an "obvious", and that I'm 100%
right when I say that you have the above _two_ choices, and that your
choice simply is not a choice at all, but total idiocy, then I don't know
what to say.

Put another way: you will remove that command filtering in
block/scsi_ioctl.c only in a kernel that I don't maintain, or by disabling
it in some way that is so hidden that I won't notice. Because I'm not so
stupid as to think that it's ok for normal users to set driver passwords
or rewrite the disk firmware just because they have write permissions to
the device. That's pretty damn final.

But you can try to _improve_ the filtering. We've certainly done that
before. Quite frankly, I don't think there's a lot there that can be
improved upon any more, but it's certainly an option that we could change
that filtering to be (a) per-device and (b) allow root to explicitly
change it on a per-machine and per-device setting, with the current
filtering rules being just the "default rules".

Then you could encode any additional rules you want in a /sbin/hotplug
script or something. But the filtering isn't going _anywhere_, and what
you suggest is just totally and utterly insane.
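
An added illustration of the idea in the message above, a per-device command filter whose default rules root can extend. This is not code from the kernel or from the thread: the struct, function and parameter names are hypothetical, and only the opcode values are the standard SCSI ones.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Standard SCSI opcodes used in this sketch. */
enum { TEST_UNIT_READY = 0x00, INQUIRY = 0x12, READ_10 = 0x28, WRITE_10 = 0x2A,
       WRITE_BUFFER = 0x3B, /* can carry a firmware download */
       ATA_16 = 0x85 };     /* ATA pass-through, can carry ATA security commands */

/* Hypothetical per-device filter: one bit per opcode, default deny. */
struct cmd_filter {
    uint8_t read_ok[32];   /* allowed to anyone who can open the device node */
    uint8_t write_ok[32];  /* allowed only if the node was opened for writing */
};

static void allow(uint8_t *map, uint8_t op) { map[op >> 3] |= (uint8_t)(1u << (op & 7)); }
static bool allowed(const uint8_t *map, uint8_t op) { return (map[op >> 3] >> (op & 7)) & 1u; }

/* The "default rules": anything not listed here is rejected. */
void filter_init_default(struct cmd_filter *f)
{
    memset(f, 0, sizeof(*f));
    allow(f->read_ok, TEST_UNIT_READY);
    allow(f->read_ok, INQUIRY);
    allow(f->read_ok, READ_10);
    allow(f->write_ok, WRITE_10);
}

/* Per-device override; only root may widen the rules (e.g. from a hotplug script). */
int filter_set(struct cmd_filter *f, uint8_t op, bool need_write, bool caller_is_root)
{
    if (!caller_is_root)
        return -1;
    allow(need_write ? f->write_ok : f->read_ok, op);
    return 0;
}

/* Returns 0 to pass the command to the device, -1 to reject it. */
int filter_check(const struct cmd_filter *f, const uint8_t *cdb, size_t len,
                 bool opened_for_write, bool privileged)
{
    if (len == 0)
        return -1;
    if (privileged)  /* assumption: caller holds the specific raw-access capability */
        return 0;
    if (allowed(f->read_ok, cdb[0]))
        return 0;
    if (opened_for_write && allowed(f->write_ok, cdb[0]))
        return 0;
    return -1;       /* write access to the platter is not access to every command */
}
```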