On Saturday 19 March 2011, Michał Mirosław wrote:
> On 18 March 2011 at 20:26, Arnd Bergmann <a...@arndb.de> wrote:
> > On Friday 18 March 2011 18:56:53 Michał Mirosław wrote:
> >> If that's going to be used by possibly unprivileged userspace process,
> >> then this passthrough should filter and validate all commands it
> >> passes to hardware. If there is a possibility of some command sequence
> >> to generate undefined or otherwise unwanted results, then you need
> >> state tracker that will disallow that sequence to be generated by
> >> unprivileged process.
> > We have precedent for direct host commands in a few other
> > block drivers. In general, any user who can open the block
> > device can issue all commands unless they can directly destroy
> > the hardware. On normal systems, the only user that has write
> > access to block devices is root.
> 
> In this case, a process having access to one partition can disrupt
> other partitions on the same card even if it has no access to them in
> any other way.
> 
> It is not that unusual on "normal systems" to give write access to
> some partition or device to unprivileged users. Database volumes are
> one example.

We can probably restrict it to the actual block device, and disallow
the ioctl on partitions to avoid that problem.

        Arnd
--
To unsubscribe from this list: send the line "unsubscribe linux-mmc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
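The check Arnd proposes above (honour the passthrough ioctl only on the whole device, refuse it on partitions, so that write access to mmcblk0p2 does not become a way to issue raw commands against the card that also holds mmcblk0p1) is sketched here as an added, stand-alone user-space model. It is not code from this thread or from the Linux MMC driver: `struct bdev`, `MODEL_IOC_PASSTHROUGH` and the `model_*` helpers are constructed for illustration. The `contains` pointer mirrors the convention that a partition's block device points at the whole device containing it, while the whole device points at itself, which is what lets the ioctl handler tell the two apart without any extra state. The check has to sit on the ioctl path rather than on open(): the unprivileged user legitimately holds an open descriptor on the partition, so open() cannot be where the refusal happens.

```c
/* Added example: user-space model of "passthrough allowed on the whole
 * MMC block device, denied on its partitions". Constructed illustration,
 * not Linux kernel code. */
#include <stdio.h>
#include <stddef.h>
#include <errno.h>

/* Minimal stand-in for a block device node. A partition's 'contains'
 * points at the whole device it lives on; the whole device points at
 * itself (the bd_contains convention, modelled here by hand). */
struct bdev {
    const char  *name;
    int          partno;     /* 0 for the whole device */
    struct bdev *contains;   /* whole device this node belongs to */
};

/* Hypothetical command number standing in for a vendor passthrough ioctl. */
#define MODEL_IOC_PASSTHROUGH 0xC0

static int bdev_is_partition(const struct bdev *b)
{
    return b->contains != b;
}

/* Decide whether a passthrough request may reach the card.
 * Returns 0 to allow, -EPERM when issued on a partition node, and
 * -ENOTTY for commands this handler does not implement at all. */
int passthrough_ioctl_check(const struct bdev *b, unsigned int cmd)
{
    if (cmd != MODEL_IOC_PASSTHROUGH)
        return -ENOTTY;
    if (bdev_is_partition(b))
        return -EPERM;       /* partition-holder must not touch the card */
    return 0;
}

/* Scenario helpers: build the device tree and run one request each. */
int model_check_whole_device(void)
{
    struct bdev whole = { "mmcblk0", 0, NULL };
    whole.contains = &whole;
    return passthrough_ioctl_check(&whole, MODEL_IOC_PASSTHROUGH);
}

int model_check_partition(void)
{
    struct bdev whole = { "mmcblk0", 0, NULL };
    struct bdev p2    = { "mmcblk0p2", 2, &whole };
    whole.contains = &whole;
    return passthrough_ioctl_check(&p2, MODEL_IOC_PASSTHROUGH);
}

int model_check_unknown_cmd(void)
{
    struct bdev whole = { "mmcblk0", 0, NULL };
    whole.contains = &whole;
    return passthrough_ioctl_check(&whole, MODEL_IOC_PASSTHROUGH + 1);
}

int main(void)
{
    struct bdev whole = { "mmcblk0", 0, NULL };
    struct bdev parts[] = {
        { "mmcblk0p1", 1, &whole },
        { "mmcblk0p2", 2, &whole },
    };
    whole.contains = &whole;

    printf("%-10s -> %d\n", whole.name,
           passthrough_ioctl_check(&whole, MODEL_IOC_PASSTHROUGH));
    for (size_t i = 0; i < sizeof parts / sizeof parts[0]; i++)
        printf("%-10s -> %d\n", parts[i].name,
               passthrough_ioctl_check(&parts[i], MODEL_IOC_PASSTHROUGH));
    return 0;
}
```

The whole-device request returns 0; both partition requests return -EPERM regardless of which partition the caller happens to have write access to, which is exactly the cross-partition disruption Michał describes being closed off.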