From: Daniel Barkalow <barkalow@iabervon.org>
To: Willy Tarreau <w@1wt.eu>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	linux-kernel@vger.kernel.org, security@kernel.org,
	pmatouse@redhat.com, agk@redhat.com, jbottomley@parallels.com,
	mchristi@redhat.com, msnitzer@redhat.com
Subject: Re: [PATCH 2/3] block: fail SCSI passthrough ioctls on partition devices
Date: Sun, 25 Dec 2011 20:41:14 -0500 (EST)
Message-ID: <alpine.LNX.2.00.1112252025490.2056@iabervon.org>
In-Reply-To: <20111223062649.GD21994@1wt.eu>

On Fri, 23 Dec 2011, Willy Tarreau wrote:

> On Thu, Dec 22, 2011 at 04:07:46PM -0800, Linus Torvalds wrote:
> > For example, I just traced it, and "eject /dev/sdb1" does a CDROMEJECT
> > ioctl when used as the root user. I haven't tested the patch, but just
> > reading it, I'd expect it to break that.
> > 
> > And that's the *natural* way to eject a mounted device. Look at the
> > USB memory sticks you have. They are almost all partitioned to have
> > one partition, and that one partition doesn't cover the whole device.
> > And it's that one partition you use to interact with it - it's what
> > you mount, and what you eject.
> 
> Call me dumb, but why would someone use "eject" on a non-physically
> ejectable device such as a memory stick ? I use it on CDs, I've used
> it on Sun floppy drives, but USB memory stick ??? After the umount,
> I just have to pull it from the plug and that's all. I don't catch
> what an eject command can bring me on top of that :-/

I use "eject" on my (old) ipod in order to get it to stop telling me not 
to unplug it. The device doesn't actually have any problems if it just 
gets yanked while it's neither mounted nor ejected, but it acts unhappy 
through its UI, since it doesn't know the computer's state. (And I pass 
"eject" the mountpoint, because that's short and tab-completes and 
"eject" translates the mountpoint into a device node with fstab so it 
works.)

	-Daniel
*This .sig left intentionally blank*

Thread overview: 27+ messages
2011-12-22 18:02 [PATCH 0/3] possible privilege escalation via SG_IO ioctl (CVE-2011-4127) Paolo Bonzini
2011-12-22 18:02 ` [PATCH 1/3] block: add and use scsi_blk_cmd_ioctl Paolo Bonzini
2011-12-22 18:02 ` [PATCH 2/3] block: fail SCSI passthrough ioctls on partition devices Paolo Bonzini
2011-12-22 18:37   ` Linus Torvalds
2011-12-22 19:11     ` Willy Tarreau
2011-12-22 19:18     ` Paolo Bonzini
2011-12-22 19:44       ` Linus Torvalds
2011-12-22 20:23         ` Paolo Bonzini
2011-12-22 20:52           ` Linus Torvalds
2011-12-22 22:08             ` Paolo Bonzini
2011-12-22 22:25               ` Linus Torvalds
2011-12-22 23:48                 ` Alasdair G Kergon
2011-12-23  0:07                   ` Linus Torvalds
2011-12-23  6:26                     ` Willy Tarreau
2011-12-23  9:22                       ` Linus Torvalds
2011-12-23  9:45                         ` Willy Tarreau
2011-12-23 14:15                         ` Paolo Bonzini
2011-12-23 22:46                           ` Linus Torvalds
2012-01-05 13:18                             ` Paolo Bonzini
2012-01-05 16:16                               ` Linus Torvalds
2012-01-05 16:40                                 ` Paolo Bonzini
2012-01-05 17:04                                   ` Linus Torvalds
2012-01-05 17:26                                     ` Paolo Bonzini
2012-01-05 23:49                               ` Linus Torvalds
2011-12-26  1:41                       ` Daniel Barkalow [this message]
2011-12-23  0:17                 ` H. Peter Anvin
2011-12-22 18:02 ` [PATCH 3/3] dm: do not forward ioctls from logical volumes to the underlying device Paolo Bonzini
