Re: [PATCH 2.6.11.8] SCSI tape security: require CAP_SYS_RAWIO for SG_IO etc.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 30 Apr 2005, Kai Makisara wrote:

> The patch at the end is against 2.6.11.8.
> 
> The kernel currently allows any user permitted to access the tape device file
> to send the tape drive commands that may either make the tape drivers internal
...
> filtering. This patch solves the problem for tapes and no more elaborate
> patches are needed. If those are merged to the kernel, this patch can be reversed.
> 
> Signed-off-by: Kai Makisara <[email protected]>
> 
> --- linux-2.6.11.8/drivers/scsi/st.c	2005-03-03 21:10:36.000000000 +0200
> +++ linux-2.6.11.8-k1/drivers/scsi/st.c	2005-04-30 09:57:21.000000000 +0300
> @@ -3414,7 +3414,10 @@ static int st_ioctl(struct inode *inode,
>  		case SCSI_IOCTL_GET_BUS_NUMBER:
>  			break;
>  		default:
> -			i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
> +			if (!capable(CAP_SYS_RAWIO))
> +				i = -EPERM;
> +			else
> +				i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
>  			if (i != -ENOTTY)
>  				return i;
>  			break;

Please hold this patch. Testing the corresponding patch for 2.6.12-rc
showed that this is too restrictive. Best to wait until the next versions 
will be reviewed on the linux-scsi list and merged into -rc.

-- 
Kai
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux