Re: [patch] My AMD IDE driver, v2.7

[Martin Dalecki <dalecki@evision-ventures.com>]

Jeff Garzik wrote:
> Linus Torvalds wrote:
> 
>>
>> On Mon, 11 Mar 2002, Jeff Garzik wrote:
>>
>>> You have convinced me that unconditional filtering is bad.  But I still
>>> think people should be provided the option to filter if they so desire.
>>>
>>
>> Hey, choice is always good, except if it adds complexity.
>>
>> The problem with conditional filtering is that either it is a boot (or
>> compile time) option, or it is a dynamic filter.
>>
> heh, I couldn't have given a better argument against a dynamic filter.
> 
> I was actually assuming the filter would be a compile-time option, for 
> security's sake.  Boot-time option works too.
> 
> So, it sounds like you could be sold on an fixed-at-compile-time filter 
> that can be disabled at boot :)  I know you don't like 
> fixed-at-compile-time as you mentioned, but it's my argument there is a 
> class of users that definitely do.  MandrakeSoft would likely enable the 
> filter in the "secure" kernel and disable it in the "normal" kernel, for 
> example.

Mandrake Soft should disable the whole sidestepping
ioctl - even the generic one - in a secure kernel.
Filtering them all to -EINVAL is the bast one can do for *security*.
The stuff which is not should be implemented with generic ioctl
with a proper sementics.

Rings a bell?

No matter how you turn it it turns out that the taskfile stuff as it
is is just useless - formal verification inside the kernel can
be done at coding time. Formal verification for vendor specific
stuff can be done in user land. Formal verification for security
stuff doens't make sense, becouse the whole interface doesn't
make sense for security concerns. Formal verification of the
commands for political reasons is just plain naive...