Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices
From: Adam Sampson (azz_at_us-lot.org)
Date: 08/22/04
- Previous message: Francois Romieu: "Re: RTL-8139 Network card slow down on 2.6.8.1-mm"
- In reply to: Alan Cox: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
- Next in thread: Xavier Bestel: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Date: Sun, 22 Aug 2004 18:09:17 +0100
Alan Cox <alan@lxorguk.ukuu.org.uk> writes:
> It requires CAP_SYS_RAWIO, because that is the level of access it gives.
That seems like a reasonable requirement, but would it be possible to
do the capability check at open() time, rather than when the operation
is performed? That would be more consistent with how conventional
permissions checks on files/devices work, and would avoid breaking
privilege-dropping applications.
I don't really want to run my CD-writing tool with CAP_SYS_RAWIO all
the time -- if it's got a security hole that a malicious CD image can
exploit, then I'd rather it were just able to damage the CD drive than
the rest of the system...
Thanks,
-- Adam Sampson <azz@us-lot.org> <http://offog.org/>
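
The conventional open-time model the message compares against, as an added example (not code from this thread, cdrecord or the kernel): a constructed temp file stands in for a device node, and `open_time_check_demo` and its result struct are hypothetical names. It shows that access granted at open() stays with the descriptor after access is revoked, which is the property privilege-dropping programs rely on; it does not exercise CAP_SYS_RAWIO or the SCSI command path.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome of the demonstration (hypothetical names, made up for this example). */
struct open_check_result {
    int read_ok;       /* 1 if the descriptor opened earlier still reads */
    int reopen_errno;  /* errno from a fresh open() after revocation, 0 if it succeeded */
};

/* Constructed stand-in for a device node: a temp file whose mode is revoked after opening. */
struct open_check_result open_time_check_demo(void)
{
    struct open_check_result r = { 0, 0 };
    char path[] = "/tmp/opencheck-XXXXXX";
    char buf[16] = { 0 };
    int fd = mkstemp(path);            /* access is decided here, at open time */
    if (fd < 0)
        return r;
    if (write(fd, "payload", 7) == 7 && lseek(fd, 0, SEEK_SET) == 0 &&
        fchmod(fd, 0) == 0) {          /* revoke every permission bit afterwards */
        /* The existing descriptor keeps the access it was granted at open(). */
        r.read_ok = (read(fd, buf, sizeof(buf) - 1) == 7 &&
                     strcmp(buf, "payload") == 0);
        /* A new open() is checked against the current mode and credentials;
         * a process holding CAP_DAC_OVERRIDE (typically root) still passes. */
        int fd2 = open(path, O_RDONLY);
        if (fd2 < 0)
            r.reopen_errno = errno;
        else
            close(fd2);
    }
    close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    struct open_check_result r = open_time_check_demo();
    printf("read via old fd: %s, fresh open errno: %d\n",
           r.read_ok ? "ok" : "failed", r.reopen_errno);
    return 0;
}
```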