Bodo Eggert wrote:
So we can
1) give up and let any application with write access destroy the hardware
That won't be a problem if all apps with write access are running as
root or setuid and thus the list of them is well-controlled by root.
2) implement a basic filter (common for all deviced) and a device-specific
filter, which can be set by a userspace application.
In fact both approaches are used in the kernel.
(1) is used in the usbfs code, and thus SANE and gPhoto2 rely upon it
(BTW it's still possible for a user to install an old version of SANE
into /home/user and damage a scanner). Proper filtering in the kernel
would be probably just too complex in this "usb generic" case.
(2) is used e.g. in DRM code.
What's missing is a clearly stated policy that says which of those two
approaches should be applied in each particular case.
--
Alexander E. Patrakov
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
