l4-hurd

Re: Reliability of RPC services

From: Michal Suchanek
Subject: Re: Reliability of RPC services
Date: Wed, 26 Apr 2006 18:44:35 +0200

On 4/26/06, Christopher Nelson <address@hidden> wrote:
> > Christopher Nelson wrote on 26/04/2006 at 08:16:
> > > > Devices connected to [PS]ATA, USB, FireWire, SCSI, parallel, etc.
> > > > ports do not need trusted drivers.
> > > HUH?  So you have some random individual who wants to stick their own
> > > DISK DRIVER into the system, and you think that it doesn't need to be
> > > trusted?
> >
> > You miss the point: of course the driver for the disk used by
> > a trusted server must be trusted. But the driver used to read
> > my own USB key that is plugged into the USB bus of my terminal
> > does not need to be trusted by everyone.
> >
> > No one was considering using anyone's driver for the disk
> > holding /usr or /home, AFAICT.
>
> You specifically mention ATA and SCSI.  Allowing someone to plug their
> own ATA or SCSI driver in immediately gives them access to any devices
> on that bus, and also allows them to corrupt bus traffic.  In fact, PATA
> requires one and only one driver per bus.  This is because master and
> slave traffic travel across the same wire, and the driver must
> synchronize reads and writes to occur when the bus is no longer busy.
>
> > But when I do experiments with an electronic device I'm
> > designing, I shouldn't need to be the administrator and
> > reboot the whole system with a new kernel or a new kernel
> > module just to deal with what I plugged into a hotplug bus.
> > Neither should I, in Hurd, have to install the appropriate
> > driver in a privileged place.
>
> I suspect that you may mean something more like having the ability to
> mount a custom filesystem on some given device, restrained to a given
> range of device blocks.  The problem with having access to a hardware
> bus is that they are not, by and large, designed with the idea of
> permissions in mind.  If you can read and write a bus, you can do
> anything you want on it.  Therefore, allowing any user to have access to
> any hardware bus effectively gives them total access to anything
> connected to that bus.
>

I guess in most bus drivers you can restrict access (for a device
driver) to a specific device on the bus but you cannot prevent the
device from making the bus unusable. If the device is connected
correctly and the hardware is not broken you might be able to
guarantee that other devices on the bus are still usable even if you
do not know how the device is going to be programmed by the driver.

As for hotplugged disks: these cannot be used to store your memory if
you want to remove them later. Even if they are used for that, it is
only your storage and your responsibility.
There are usually multiple ATA/SCSI buses in the system. While some
buses connect the system disks, others can be free. And there is no
reason why a user could not use a fancy CD-writer or jukebox driver on
such a bus.

Thanks

Michal
