From: Willy Tarreau <willy@w.ods.org>
To: john stultz <johnstul@us.ibm.com>
Cc: lkml <linux-kernel@vger.kernel.org>, greg@kroah.com, axboe@suse.de
Subject: Re: [RFC] Let non-root users eject their ipods?
Date: Tue, 20 Dec 2005 06:18:21 +0100 [thread overview]
Message-ID: <20051220051821.GM15993@alpha.home.local> (raw)
In-Reply-To: <1135047119.8407.24.camel@leatherman>
Hi John,
On Mon, Dec 19, 2005 at 06:51:58PM -0800, john stultz wrote:
> All,
> I'm getting a little tired of my roommates not knowing how to safely
> eject their usb-flash disks from my system and I'd personally like it if
> I could avoid bringing up a root shell to eject my ipod. Sure, one could
> suid the eject command, but that seems just as bad as changing the
> permissions in the kernel (eject wouldn't be able to check if the user
> has read/write permissions on the device, allowing them to eject
> anything).
You may find my question stupid, but what is wrong with umount ? That's
how I proceed with usb-flash and I've never sent any eject command to
it (I even didn't know that the ioctl would be accepted by an sd device).
> I've looked around trying to find some references to why this isn't
> currently allowed or how safe this is, but I couldn't find anything
> except the 2.6.8/k3b thread from awhile back and it didn't speak to why
> eject would need root permissions even if the user has r/w permissions
> on the device.
>
> I really know nothing about scsi ioctls, so this is probably the wrong
> solution, but I figured I'd offer my head upon a stake so others could
> learn what not to do and why, and maybe start some discussion on what
> the proper fix should be (for the kernel or the distributions to make)
> since non root users really should be able to eject the flash disk they
> just plugged in.
>
> So below is a patch that allows non-root users to eject their ipods. (It
> seems it should be safe_for_write() but eject opens the device for
> RDONLY, so eject may be wrong here as well).
If there is a special ioctl to be called after the device has been
unmounted, then probably it would be easier to call it in umount() ?
The advantage is that mount/umount are already suid on distros which
allow user access, and you just have to put a 'users' option in the
fstab for this.
> Comments, flames?
>
> thanks
> -john
Cheers,
Willy
>
> diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
> --- a/block/scsi_ioctl.c
> +++ b/block/scsi_ioctl.c
> @@ -188,6 +188,9 @@ static int verify_command(struct file *f
> safe_for_write(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL),
> safe_for_write(GPCMD_LOAD_UNLOAD),
> safe_for_write(GPCMD_SET_STREAMING),
> +
> + /* let me eject my damn ipod */
> + safe_for_read(ALLOW_MEDIUM_REMOVAL),
> };
> unsigned char type = cmd_type[cmd[0]];
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2005-12-20 5:19 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-12-20 2:51 [RFC] Let non-root users eject their ipods? john stultz
2005-12-20 3:51 ` Wakko Warner
2005-12-20 3:49 ` john stultz
2005-12-20 5:05 ` Matthew Dharm
2005-12-24 21:16 ` Jan Engelhardt
2005-12-20 5:18 ` Willy Tarreau [this message]
2005-12-20 6:06 ` Coywolf Qi Hunt
2005-12-20 8:56 ` Sander
2005-12-20 9:31 ` Coywolf Qi Hunt
2005-12-20 9:38 ` Sander
2005-12-20 16:39 ` Bill Davidsen
2005-12-20 11:10 ` Nikita Danilov
2005-12-20 7:46 ` Jens Axboe
2005-12-20 12:41 ` Ben Collins
2005-12-20 13:28 ` Jens Axboe
2005-12-20 13:32 ` Ben Collins
2005-12-20 13:39 ` Jens Axboe
2005-12-20 14:07 ` [PATCH] block: Better CDROMEJECT Ben Collins
2005-12-20 14:16 ` Jens Axboe
2005-12-20 20:41 ` john stultz
2005-12-20 20:54 ` Jens Axboe
2005-12-20 20:55 ` john stultz
2005-12-20 20:58 ` Jens Axboe
2005-12-20 20:58 ` john stultz
2005-12-20 20:55 ` Ben Collins
2005-12-20 16:48 ` [RFC] Let non-root users eject their ipods? Bill Davidsen
2005-12-22 10:56 ` Alan Cox
2005-12-22 16:57 ` john stultz
2005-12-24 21:17 ` Jan Engelhardt
[not found] <5lFTx-7L1-9@gated-at.bofh.it>
[not found] ` <5lIeC-3hP-3@gated-at.bofh.it>
[not found] ` <5lIRn-4GE-19@gated-at.bofh.it>
[not found] ` <5lLw7-1f5-43@gated-at.bofh.it>
[not found] ` <5lM8s-2D4-1@gated-at.bofh.it>
[not found] ` <5lM8F-2D4-39@gated-at.bofh.it>
[not found] ` <5lSQE-87T-9@gated-at.bofh.it>
2005-12-20 20:21 ` Bodo Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20051220051821.GM15993@alpha.home.local \
--to=willy@w.ods.org \
--cc=axboe@suse.de \
--cc=greg@kroah.com \
--cc=johnstul@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).