Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07

To: schilling@fokus.fraunhofer.de, davidsen@tmr.com
Cc: matthias.andree@gmx.de, cdwrite@other.debian.org
Subject: Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
From: Joerg Schilling <schilling@fokus.fraunhofer.de>
Date: Fri, 17 Feb 2006 10:42:43 +0100
Message-id: <[🔎] 43F59A93.nail2VC113F89@burner>
In-reply-to: <[🔎] 43F4A337.4020905@tmr.com>
References: <[🔎] m3bqxhtmkq.fsf@merlin.emma.line.org> <[🔎] 43EB1F64.nail7GZ11H1SY@burner> <[🔎] m3psltbumj.fsf@merlin.emma.line.org> <[🔎] 43EE6FF6.nailKBD11GI1Z@burner> <[🔎] 43F00EEA.6070509@tmr.com> <[🔎] 43F09AB1.nailKUSM1KY4M@burner> <[🔎] 43F3269F.2000604@tmr.com> <[🔎] 43F49A2C.nail20WFHRNEF@burner> <[🔎] 43F4A337.4020905@tmr.com>

Bill Davidsen <davidsen@tmr.com> wrote:

> >It seems that you missd the fact that it has been introduced 2 weeks before
> >cdrtools-2.01-final came out and people on LKML did complain that I did not
> >cause cdrtools to become unstable from introducing untested code.
> >
> >Announced (in case of an incompatible change) means:
> >
> >-	prominent developers of code that uses the interface that is to
> >	be changed need to be informed a sufficent time _before_ the
> >	incompatible change is applied.
> >
> >In general, it would make Linux a mature project if such changes would be 
> >discussed for being reasonable with other people ( e.g. with experienced 
> >programmers like me).
> >
>
> This was not a change made because it would be nice, it was made because 
> it became public information that anyone who could burn could change the 
> firmware. Security fixes sometime do have to be done quickly, evil 
> people do tend to jump on any opening in the time between a 
> vulnerability becoming public and being fixed.

This is unfortunately nonsense.

If you have a security problem, you usually fix the problem and to not
change the interfaces. In special when it was posible to fix the security
problem _whithout_ breaking the interface as in our case:

The Security problem was that the Linux kernel did not check for write
permission in order to allow SCSI generic commands to be send.

The onvious fix wouild have been to change the kernel to correctly require
write permission on a fd for the SD_IO ioctl.

> You are an experienced programmer, you are aware that sometimes a quick 
> fix needs to be made and tuned after the fact.

And as I am an experienced programmer, I know that a clean fix that
would just require write access would be even much simpler to write than
what actually has been done.

Jörg

-- 
 EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js@cs.tu-berlin.de                (uni)  
       schilling@fokus.fraunhofer.de     (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily

Reply to:

Follow-Ups:
- Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
  - From: Bill Davidsen <davidsen@tmr.com>
- Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
  - From: Bill Davidsen <davidsen@tmr.com>

References:
- "logical unit communication failure" c2scan NEC ND-4550A 1.07
  - From: Matthias Andree <matthias.andree@gmx.de>
- Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
  - From: Joerg Schilling <schilling@fokus.fraunhofer.de>
- Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
  - From: Matthias Andree <matthias.andree@gmx.de>
- Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
  - From: Joerg Schilling <schilling@fokus.fraunhofer.de>
- Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
  - From: Bill Davidsen <davidsen@tmr.com>
- Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
  - From: Joerg Schilling <schilling@fokus.fraunhofer.de>
- Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
  - From: Bill Davidsen <davidsen@tmr.com>
- Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
  - From: Joerg Schilling <schilling@fokus.fraunhofer.de>
- Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
  - From: Bill Davidsen <davidsen@tmr.com>

Prev by Date: Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
Next by Date: Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
Previous by thread: Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
Next by thread: Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
Index(es):
- Date
- Thread