Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id <S310376AbSCLDe7>; Mon, 11 Mar 2002 22:34:59 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org
	id <S310378AbSCLDes>; Mon, 11 Mar 2002 22:34:48 -0500
Received: from pcp809261pcs.nrockv01.md.comcast.net ([68.49.81.201]:23171 "EHLO
	localhost.localdomain") by vger.kernel.org with ESMTP
	id <S310376AbSCLDej>; Mon, 11 Mar 2002 22:34:39 -0500
Date: Mon, 11 Mar 2002 22:34:39 -0500
From: Olivier Galibert <galibert@pobox.com>
To: LKML <linux-kernel@vger.kernel.org>
Subject: Re: [patch] My AMD IDE driver, v2.7
Message-ID: <20020311223439.A2434@zalem.nrockv01.md.comcast.net>
Mail-Followup-To: Olivier Galibert <galibert@pobox.com>,
	LKML <linux-kernel@vger.kernel.org>
In-Reply-To: <Pine.LNX.4.33.0203111829550.1153-100000@home.transmeta.com> <3C8D69E3.3080908@mandrakesoft.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <3C8D69E3.3080908@mandrakesoft.com>; from jgarzik@mandrakesoft.com on Mon, Mar 11, 2002 at 09:37:23PM -0500
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Mar 11, 2002 at 09:37:23PM -0500, Jeff Garzik wrote:
> It serves to encourage openness, nobody is forced to use it, and it 
> provides an additional layer of protection for those that choose to use 
> it.  That is the point.

It doesn't provide any meaningful protection, that's the point.

If you're root/have CAP_SYS_RAWIO, you can bit-bang the interface, you
can patch out the filter from the kernel binary, you can do whatever
pleases you.  Don't run evil programs as root in the first place.  And
if you want to have finer-grained capabilities for specific
drive-level actions, create an higher-level interface for them which
will guarantee that only safe commands are used because they will be
generated by the kernel in the first place.

Broken security is actually worse than no security.  With no security
you at least know what to expect.

The exact same discussion happened with Andre, please refer to it.

  OG.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/