On Sat, May 25, 2013 at 09:05:25AM +0200, Paolo Bonzini wrote: > > you could send destructive commands to a partition. The right fix > > for that would be to not allow SG_IO on partitions at all, just > > wondering if anything would be broken by this. > > Linus wanted to keep that for CAP_SYS_RAWIO. We found two uses of SG_IO > on partitions: zfs-fuse used SYNCHRONIZE CACHE; some proprietary driver > used TEST UNIT READY. > > Really, the solution is to make the bitmaps configurable in userspace. > It is no less secure than unpriv_sgio. Then the kernel can be > configured at build-time to have either an MMC bitmap and a basic > whitelist of a dozen commands. We can even avoid working around those > few conflicting opcodes; if you're paranoid you can just configure your > kernel right. Keep it simple. Allowing SG_IO for CAP_SYS_RAWIO probably is fine, allowing it for permissions only clearly isn't. All the per-command filetering is just complete bullshit and the kind of bloat that eventually will make Linux unmaintainable. -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
