Re: [PATCH 2.6.11.8] SCSI tape security: require CAP_SYS_RAWIO for SG_IO etc.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, May 01, 2005 at 08:56:06PM +0300, Kai Makisara wrote:
> On Sat, 30 Apr 2005, Kai Makisara wrote:
> 
> > The patch at the end is against 2.6.11.8.
> > 
> > The kernel currently allows any user permitted to access the tape device file
> > to send the tape drive commands that may either make the tape drivers internal
> ...
> > filtering. This patch solves the problem for tapes and no more elaborate
> > patches are needed. If those are merged to the kernel, this patch can be reversed.
> > 
> > Signed-off-by: Kai Makisara <[email protected]>
> > 
> > --- linux-2.6.11.8/drivers/scsi/st.c	2005-03-03 21:10:36.000000000 +0200
> > +++ linux-2.6.11.8-k1/drivers/scsi/st.c	2005-04-30 09:57:21.000000000 +0300
> > @@ -3414,7 +3414,10 @@ static int st_ioctl(struct inode *inode,
> >  		case SCSI_IOCTL_GET_BUS_NUMBER:
> >  			break;
> >  		default:
> > -			i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
> > +			if (!capable(CAP_SYS_RAWIO))
> > +				i = -EPERM;
> > +			else
> > +				i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
> >  			if (i != -ENOTTY)
> >  				return i;
> >  			break;
> 
> Please hold this patch. Testing the corresponding patch for 2.6.12-rc
> showed that this is too restrictive. Best to wait until the next versions 
> will be reviewed on the linux-scsi list and merged into -rc.

Ok, when you come up with something that is acceptable, care to email it
also to the [email protected] people?

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux