I have been copying all discussion to the 2009/201 case, which I think is more appropriate for this discussion. Can we please continue discussion there?
Thanks,
Brian

On 03/31/09 16:21, Artem Kachitchkine wrote:
>
>> Giving out sys_devices isn't IMO the correct answer either -
>> particularly given that sys_devices is such a big powerful privilege.
>>
>> Instead I'd rather see a privilege specifically for these USCSI ioctls.
>> However that still leaves the issue of why aren't the DAC permissions
>> enough ? Why do we need more protection than that here ? Maybe the new
>> uscsi privilege should be in the basic set ?
>
> Quoting Tamarack (2005/399) inception materials:
>
>> We propose:
>>
>> - eliminate smserverd, make libsmedia open device directly;
>> - create two new privileges:
>>   - uscsi_full for full uscsi access;
>>   - uscsi_user for limited uscsi access (no resets or aborts);
>> - add uscsi_user to the "Basic User Profile";
>
> However, we ended up removing this part of the proposal - I can't recall
> why exactly. Perhaps we moved it outside of the project scope while
> trying to finish the project before mgmt reprioritized again :)
>
> One thing to keep in mind is that uscsi can be used to do some nasty
> stuff. Like make a device behave in unpredictable ways, triggering
> dormant driver bugs; or reprogram its firmware to become a completely
> different class (make a USB disk behave like a USB microphone); or, on
> parallel SCSI, create bus conditions that would affect devices you may
> not have DAC permissions for; etc.
>
> -Artem