Re: [patch] My AMD IDE driver, v2.7

Olivier Galibert (galibert@pobox.com)
Mon, 11 Mar 2002 22:34:39 -0500


On Mon, Mar 11, 2002 at 09:37:23PM -0500, Jeff Garzik wrote:
> It serves to encourage openness, nobody is forced to use it, and it
> provides an additional layer of protection for those that choose to use
> it. That is the point.

It doesn't provide any meaningful protection, that's the point.

If you're root/have CAP_SYS_RAWIO, you can bit-bang the interface, you
can patch out the filter from the kernel binary, you can do whatever
pleases you. Don't run evil programs as root in the first place. And
if you want to have finer-grained capabilities for specific
drive-level actions, create a higher-level interface for them which
will guarantee that only safe commands are used because they will be
generated by the kernel in the first place.

Broken security is actually worse than no security. With no security
you at least know what to expect.

The exact same discussion happened with Andre, please refer to it.

OG.
