Re: [RFC] Let non-root users eject their ipods?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sander wrote:
Coywolf Qi Hunt wrote (ao):

2005/12/20, Sander <[email protected]>:

Coywolf Qi Hunt wrote (ao):

2005/12/20, Willy Tarreau <[email protected]>:

On Mon, Dec 19, 2005 at 06:51:58PM -0800, john stultz wrote:

     I'm getting a little tired of my roommates not knowing how to safely
eject their usb-flash disks from my system and I'd personally like it if
I could avoid bringing up a root shell to eject my ipod. Sure, one could
suid the eject command, but that seems just as bad as changing the
permissions in the kernel (eject wouldn't be able to check if the user
has read/write permissions on the device, allowing them to eject
anything).

You may find my question stupid, but what is wrong with umount ? That's
how I proceed with usb-flash and I've never sent any eject command to
it (I even didn't know that the ioctl would be accepted by an sd device).

IMHO, umount doesn't guarantee sync, isn't it?

Actually I was think umount(2), since this is the kernel list, but off
topic here.


I'm pretty sure it does :-)

That is because: usually your removable media is not the file system
root, hence umount(8) can return successfully only if no processes are
busy working on it.

If you boot from or chroot/pivot into a removable media, and you
remount it ro, and unplug it, then you may lose data.

eject wont help you here, right?

And the OP was talking about usb-flash sticks his roommates use and his
ipod. He doesn't need to eject those. umount will do.

Using umount still leaves the iPod flashing a "do not disconnect" message as I recall, while eject clears it. So while umount may be all the o/s needs, and all some external storage media need, it may be highly desirable to do the eject for the benefit of the attached device, to cue it to finish whatever it's caching internally. Whatever eject does clearly is device visible, and in the case of iPod the device objects if it isn't given.

I would think that allowing it on any device on which the caller has write permission would cover the security aspects. In this case I would prefer not taking the "my XXX doesn't need it" approach, and do it unless there's a reason not to.

Not allowing a CD/DVD burner to "prevent media removal" on a device for which the user has write permission is another case of questionable security. Since that prevents unpatched growisofs from being used by a user it has a real negative effect and no obvious (to me) security benefit. I don't think of a case where I want to pull a media as it's burning...

--
   -bill davidsen ([email protected])
"The secret to procrastination is to put things off until the
 last possible moment - but no longer"  -me
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux