On Tue, Mar 31, 2009 at 09:27:01PM +0100, Darren J Moffat wrote: > Artem Kachitchkine wrote: > >Darren J Moffat wrote: > >>Why can't this case and the braseo one use the services provided by > >>svc:/network/rpc/smserver ? See rpc.smserverd(1M). > > > >Please don't use smserver/libsmedia to gain USCSI privileges. > > > >(Longer answer: > >http://www.mail-archive.com/opensolaris-discuss at > >opensolaris.org/msg06641.html) > > > > > >sys_devices is needed to issue raw SCSI ioctls. I'm not sure about > >Linux, perhaps DAC permissions are sufficient there. > > Giving out sys_devices isn't IMO the correct answer either - > particularly given that sys_devices is such a big powerful privilege. > > Instead I'd rather see a privilege specifically for these USCSI ioctls. > However that still leaves the issue of why aren't the DAC permissions > enough ? Why do we need more protection than that here ? Maybe the new > uscsi privilege should be in the basic set ?
Isn't this a logindevperm sort of issue??
