James Bottomley <James.Bottomley@xxxxxxxxxxxx> writes:

> On Sat, 2006-07-29 at 13:12 +0200, Jens Axboe wrote:
> > > I'm not that familiar with this code, but would adding exceptions
> > > on a per-vendor basis in sg_allow_access() be the way forward here?
> > >
> > > If not, what is the right answer?
> >
> > I'd greatly prefer just ripping the entire command access table out, it
> > was a mistake to begin with and still just a horrible solution.
> >
> > In fact, I think we should decide soon what to do about it. At the
> > storage summit, there was general consensus on just killing it as well.
>
> I concur. If we're going to allow users access to burn CDs, it's
> impossible to police them with certainty as this case indicates. If we
> allow vendor specific commands down, there are bound to be some that
> format the drive or destroy the firmware ...
>
> So I think ripping the table out and acknowledging we have no security
> is better than giving the illusion of having it.

How about making cmd_type a per device variable and adding an ioctl to
set cmd_type? Let cmd_type default to letting everything through.
That way a distribution can add filters if it wants to.

  /Christer

--
"Just how much can I get away with and still go to heaven?"

Freelance consultant specializing in device driver programming for Linux
Christer Weinigel <christer@xxxxxxxxxxx>  http://www.weinigel.se