From: Paolo Bonzini <pbonzini@redhat.com>
To: Christoph Hellwig <hch@infradead.org>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
linux-kernel@vger.kernel.org, linux-scsi@vger.kernel.org,
Hannes Reinecke <hare@suse.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
James Bottomley <James.Bottomley@hansenpartnership.com>
Subject: Re: [PATCH 0/3] SG_IO command filtering via sysfs
Date: Mon, 12 Nov 2018 11:17:29 +0100 [thread overview]
Message-ID: <79d7d4b2-e9b3-00b4-2ad0-789888f7ee36@redhat.com> (raw)
In-Reply-To: <20181112082013.GA9307@infradead.org>
On 12/11/2018 09:20, Christoph Hellwig wrote:
> On Sun, Nov 11, 2018 at 08:42:42AM -0500, Theodore Y. Ts'o wrote:
>> It really depends on the security model being used on a particular
>> system. I can easily imagine scenarios where userspace is allowed
>> full access to the device with respect to read/write/open, but the
>> security model doesn't want to allow access to various SCSI commands
>> such as firmware upload commands, TCG commads, the
>> soon-to-be-standardized Zone Activation Commands (which allow dynamic
>> conversion of HDD recording modes between CMR and SMR), etc.
>
> Well, that's what we have the security_file_ioctl() LSM hook for so that
> your security model can arbitrate access to ioctls.
Doesn't that have TOC-TOU races by design?
Also, what about SG_IO giving write access to files that are only opened
read-only (and only have read permissions)?
Paolo
next prev parent reply other threads:[~2018-11-12 10:19 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-10 16:35 [PATCH 0/3] SG_IO command filtering via sysfs Paolo Bonzini
2018-11-10 16:35 ` [PATCH 1/3] block: add back queue-private command filter Paolo Bonzini
2018-11-10 16:35 ` [PATCH 2/3] scsi: create an all-one filter for scanners Paolo Bonzini
2018-11-10 16:35 ` [PATCH 3/3] block: add back command filter modification via sysfs Paolo Bonzini
2018-11-16 5:46 ` Bart Van Assche
2018-11-16 7:00 ` Paolo Bonzini
2018-11-16 14:42 ` Bart Van Assche
2018-11-10 19:05 ` [PATCH 0/3] SG_IO command filtering " Theodore Y. Ts'o
2018-11-11 13:26 ` Paolo Bonzini
2018-11-11 14:14 ` Theodore Y. Ts'o
2018-11-16 0:26 ` Paolo Bonzini
2018-11-16 0:37 ` Bart Van Assche
2018-11-16 7:01 ` Paolo Bonzini
2018-11-16 17:35 ` Theodore Y. Ts'o
2018-11-11 13:14 ` Christoph Hellwig
2018-11-11 13:42 ` Theodore Y. Ts'o
2018-11-12 8:20 ` Christoph Hellwig
2018-11-12 10:17 ` Paolo Bonzini [this message]
2018-11-16 9:32 ` Christoph Hellwig
2018-11-16 9:45 ` Paolo Bonzini
2018-11-16 9:48 ` Christoph Hellwig
2018-11-16 17:43 ` Theodore Y. Ts'o
2018-11-16 18:17 ` Bart Van Assche
2018-11-16 21:08 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=79d7d4b2-e9b3-00b4-2ad0-789888f7ee36@redhat.com \
--to=pbonzini@redhat.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=hare@suse.com \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.