RE: Reliability of RPC services

[Christopher Nelson]

> Scribit Christopher Nelson dies 26/04/2006 hora 08:16:
> > > Devices connected to [PS]ATA, USB, FireWire, SCSI, parallel, etc.
> > > ports do not need trusted drivers. 
> > HUH?  So you have some random individual who want's to 
> stick their own 
> > DISK DRIVER into the system, and you think that it doesn't 
> need to be 
> > trusted?
> 
> You miss the point: of course the driver for the disk used by 
> a trusted server must be trusted. But the driver used to read 
> my own USB key that is plugged to the USB bus of my terminal 
> does not need to be trusted by everyone.
> 
> Noone was considering to use anyone's driver for the disk 
> holding /usr or /home, AFAICT.

You specifically mention ATA and SCSI.  Allowing someone to plug their
own ATA or SCSI driver in immediately gives them access to any devices
on that bus, and also allows them to corrupt bus traffic.  In fact, PATA
requires one and only one driver per bus.  This is because master and
slave traffic travel across the same wire, and the driver must
synchronize reads and writes to occur when the bus is no longer busy.  
 
> But when I do experiments with an electronic device I'm 
> designing, I shoudln't need to be the administrator and 
> reboot the whole system with a new kernel or a new kernel 
> module just to deal with what I plugged in an hotplug BUS. 
> Neither should I, in Hurd, have to install in a priviledged 
> place the appropriate driver.

I suspect that you may mean something more like having the ability to
mount a custom filesystem on some given device, restrained to a given
range of device blocks.  The problem with having access to a hardware
bus is that they are not, by and large, designed with the idea of
permissions in mind.  If you can read and write a bus, you can do
anything you want on it.  Therefore, allowing any user to have access to
any hardware bus effectively gives them total access to anything
connected to that bus.



-={C}=-