Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices

From: Adam Sampson
Date: Sun Aug 22 2004 - 12:10:20 EST

Next message: Horst von Brand: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Previous message: Francois Romieu: "Re: RTL-8139 Network card slow down on 2.6.8.1-mm"
In reply to: Alan Cox: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Next in thread: Xavier Bestel: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> writes:

> It requires CAP_SYS_RAWIO, because that is the level of access it gives.

That seems like a reasonable requirement, but would it be possible to
do the capability check at open() time, rather than when the operation
is performed? That would be more consistent with how conventional
permissions checks on files/devices work, and would avoid breaking
privilege-dropping applications.

I don't really want to run my CD-writing tool with CAP_SYS_RAWIO all
the time -- if it's got a security hole that a malicious CD image can
exploit, then I'd rather it were just able to damage the CD drive than
the rest of the system...

Thanks,

--
Adam Sampson <azz@xxxxxxxxxx> <http://offog.org/>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Horst von Brand: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Previous message: Francois Romieu: "Re: RTL-8139 Network card slow down on 2.6.8.1-mm"
In reply to: Alan Cox: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Next in thread: Xavier Bestel: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]