Date: Mon, 11 Mar 2002 22:34:39 -0500
From: Olivier Galibert
To: LKML
Subject: Re: [patch] My AMD IDE driver, v2.7
Message-ID: <20020311223439.A2434@zalem.nrockv01.md.comcast.net>
In-Reply-To: <3C8D69E3.3080908@mandrakesoft.com>

On Mon, Mar 11, 2002 at 09:37:23PM -0500, Jeff Garzik wrote:
> It serves to encourage openness, nobody is forced to use it, and it
> provides an additional layer of protection for those that choose to use
> it. That is the point.

It doesn't provide any meaningful protection, that's the point. If
you're root/have CAP_SYS_RAWIO, you can bit-bang the interface, you
can patch out the filter from the kernel binary, you can do whatever
pleases you.

Don't run evil programs as root in the first place. And if you want
to have finer-grained capabilities for specific drive-level actions,
create a higher-level interface for them which will guarantee that
only safe commands are used because they will be generated by the
kernel in the first place.

Broken security is actually worse than no security. With no security
you at least know what to expect.

The exact same discussion happened with Andre, please refer to it.

  OG.