On Sun, Sep 16, 2012 at 10:43:40AM -0400, Thor Lancelot Simon wrote:
> On Sun, Sep 16, 2012 at 03:23:22PM +0200, Manuel Bouyer wrote:
> > Hello,
> > the attached patch adds a pass-through ioctl interface, with the
> > necessary linux compat code, for mfi(4). This allows to run the
> > linux binary of the MegaCLI tool provided by LSI logic.
>
> This ioctl is extremely dangerous. The driver passes the command
> to the device firmware with no parsing or access control of any
> kind. Are we really sure we want to support this? It is a
> truly gaping security hole.

Yes, of course it's a risk. We support a similar ioctl for other drivers,
e.g. amr(4). The pass-through for scsi(4) and ata(4) devices could probably
do something similar too.
But this controller is much less useful without a management tool
(there's not much point in having hot-plug hardware if you have to reboot
and enter the firmware when you unplug/replug).

I'd expect the kauth call to disallow this at securelevel 1 or above
(this is a cut-n-paste from amr(4)).

--
Manuel Bouyer <bou...@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--