Re: IF only........

Andre Hedrick (andre@linux-ide.org)
Fri, 21 Jul 2000 18:11:47 -0700 (PDT)

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.

---1019260510-622329304-964228307=:15902
Content-Type: text/plain; charset=us-ascii

With out the full touch it will not work.
20% are functionally that have to be there for 2.4 to stand a chance of
being correct.
80% is TASKFILE rewrite to give us the armor.

You want just the armor fine, but the other will come next.

On Fri, 21 Jul 2000, Oliver Xymoron wrote:

> On Fri, 21 Jul 2000, Andre Hedrick wrote:
>
> > I wrote the patch but it is not wanted "ide.2.4.0-t5-2.all.4c.patch.bz2"
> > I proved the tool to try and break it.
>
> Andre, what's the smallest patch to the current code which will kill raw
> writes? I suspect a couple lines in drivers/ide/ide.c of the form

ide.2.4.0-t5-2.kludge.patch

This expose the hole with no real method to protect.

> case HDIO_DRIVE_CMD:
> .
> .
> .
> int i, raw_cmds[]={WIN_WRITE, WIN_WRITEDMA, ...,0};
> for(i=0; raw_cmds[i]; i++)
> if(cmd==raw_cmds[i] && !capable(CAP_SYS_RAW))
> return -EACCESS;
>
> I agree with Alan that we should limit those commands to people with
> CAP_SYS_RAW. The above is arguably the correct thing to do under the
> capabilities model anyway and is simple enough that it's not likely to
> impact anything. Chances of getting accepted are much higher than your 64k
> patch which touches many files and rewrites many functions.

Cheers,

Andre Hedrick
The Linux ATA/IDE guy

---1019260510-622329304-964228307=:15902
Content-Type: text/plain; charset=us-ascii; name="ide.2.4.0-t5-2.kludge.patch"
Content-Transfer-Encoding: base64
Content-ID: <Pine.LNX.4.10.10007211811470.15902@master.linux-ide.org>
Content-Description:
Content-Disposition: attachment; filename="ide.2.4.0-t5-2.kludge.patch"

ZGlmZiAtdXJOIGxpbnV4LTIuNC4wLXQ1LTItcHJpc3RpbmUvZHJpdmVycy9p
ZGUvaWRlLmMgbGludXgtMi40LjAtdDUtMi1rbHVkZ2UvZHJpdmVycy9pZGUv
aWRlLmMNCi0tLSBsaW51eC0yLjQuMC10NS0yLXByaXN0aW5lL2RyaXZlcnMv
aWRlL2lkZS5jCVN1biBKdWwgIDkgMTA6MDQ6MzUgMjAwMA0KKysrIGxpbnV4
LTIuNC4wLXQ1LTIta2x1ZGdlL2RyaXZlcnMvaWRlL2lkZS5jCVdlZCBKdWwg
MTkgMTc6MTQ6MTggMjAwMA0KQEAgLTI1NjYsNiArMjU2NiwzNyBAQA0KIAkJ
CQlyZXR1cm4gaWRlX2RvX2RyaXZlX2NtZChkcml2ZSwgJnJxLCBpZGVfd2Fp
dCk7DQogCQkJaWYgKGNvcHlfZnJvbV91c2VyKGFyZ3MsICh2b2lkICopYXJn
LCA0KSkNCiAJCQkJcmV0dXJuIC1FRkFVTFQ7DQorCQkJDQorCQkJLyoNCisJ
CQkgKiBLbHVkZ2UgdG8gcHJldmVudCB0YXNrZmlsZSBjb21tYW5kcyBleGVj
dXRpbmcNCisJCQkgKiBpbiBhIHJlYWQgb3Igd3JpdGUuICBSZXdyaXRpbmcg
dGhlIHRhc2tmaWxlIGNvbW1hbmRzDQorCQkJICogaXMgdGhlIG9ubHkgc2Fm
ZSBzb2x1dGlvbi4gIFRoaXMgcGF0Y2ggZXhwb3NlcyBhDQorCQkJICogZGF0
YSBzZWN1cml0eSByaXNrLg0KKwkJCSAqLw0KKwkJCXN3aXRjaCAoYXJnc1sw
XSkgew0KKwkJCQljYXNlIFdJTl9TRVRGRUFUVVJFUzoNCisJCQkJY2FzZSBX
SU5fSURFTlRJRlk6DQorCQkJCWNhc2UgV0lOX1BJREVOVElGWToNCisJCQkJ
Y2FzZSBXSU5fU01BUlQ6DQorCQkJCWNhc2UgV0lOX1NFRUs6DQorCQkJCWNh
c2UgV0lOX1NQRUNJRlk6DQorCQkJCWNhc2UgV0lOX1NUQU5EQllOT1cxOg0K
KwkJCQljYXNlIFdJTl9TVEFOREJZTk9XMjoNCisJCQkJY2FzZSBXSU5fU0xF
RVBOT1cxOg0KKwkJCQljYXNlIFdJTl9TTEVFUE5PVzI6DQorCQkJCWNhc2Ug
V0lOX1NFVElETEUxOg0KKwkJCQljYXNlIERJU0FCTEVfU0VBR0FURToNCisJ
CQkJY2FzZSBXSU5fQ0hFQ0tQT1dFUk1PREUxOg0KKwkJCQljYXNlIFdJTl9D
SEVDS1BPV0VSTU9ERTI6DQorCQkJCWNhc2UgV0lOX1NFVE1VTFQ6DQorCQkJ
CWNhc2UgRVhBQllURV9FTkFCTEVfTkVTVDoNCisJCQkJY2FzZSBXSU5fRE9P
UkxPQ0s6DQorCQkJCWNhc2UgV0lOX0RPT1JVTkxPQ0s6DQorCQkJCQlicmVh
azsNCisJCQkJZGVmYXVsdDoNCisJCQkJCXJldHVybiAtRUZBVUxUOw0KKwkJ
CX0NCisgICAgICAgICAgICANCiAJCQlpZiAoYXJnc1szXSkgew0KIAkJCQlh
cmdzaXplID0gNCArIChTRUNUT1JfV09SRFMgKiA0ICogYXJnc1szXSk7DQog
CQkJCWFyZ2J1ZiA9IGttYWxsb2MoYXJnc2l6ZSwgR0ZQX0tFUk5FTCk7DQo=
---1019260510-622329304-964228307=:15902--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/