On Tue, Apr 5, 2011 at 6:40 PM, John Calixto <john.calixto@xxxxxxxxxxxxxx> wrote: >> >> In MMC-land: >> CMD18 is PROGRAM_CID (which is a once-in-a-lifetime operation). >> CMD38 is erase >> CMD25 is write_multiple_block - this can give a non-root user full >> control over a disk, bypassing security. > > Hi Andrei, > > I have CMD18 as READ_MULTIPLE_BLOCK... Regardless, this ioctl is > specifically for ACMD opcodes (application-specific; preceeded by > CMD55), not CMD opcodes. I'm sorry, I meant CMD26 instead of 18. Could you check the SD behavior for undefined ACMDs? If I do ACMD25, and ACMD25 is not defined, will it be executed as CMD25? This is the MMC behavior as I have mentioned. If so, that means you will be able to bypass access control and be able to (at the very least) read/write block as non-root. Is there a way for SD to verify which ACMDs the card actually supports? As far as MMC is concerned - no. I really wish ACMD had their own classes as well. A -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
