On Thu, 2005-04-28 at 08:43 +0300, Kai Makisara wrote: > On Wed, 27 Apr 2005, Alan Cox wrote: > > > On Mer, 2005-04-27 at 18:16, Greg KH wrote: > > > -stable review patch. If anyone has any objections, please let us know. > > > > This patch is just wrong on so many different levels its hard to know > > where to begin. > > > > 1. The auth for arbitary commands is CAP_SYS_RAWIO > > Valid complaint. > > > 2. "The SCSI command permissions were discussed widely on the linux > > lists but this did not result in any useful refinement of the > > permissions." - this is false. The process was refined, a table setup > > was added and debugged. > > Any user having write access to the device is still allowed to send MODE > SELECT (and some other commands useful for CD/DVD writers but being > potentially dangerous to other). If you give your user *WRITE ACCESS* to the tape you expect him to be able to do a lot of writing, right? The restrictions for *READ* are obviously more clear... > OK. If the Linux solution to these kind of security problems in the not so > central areas of kernel is to wait and see if the problem disappears > without any action, I have to accept that. But I have tried... the security problem is giving someone write access to a device and then somehow expect that to mean "selective write" ? - : send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
