Subject: Re: Trouble with PCI, VGA, 32Mbyte
To: Charles M. Hannum <mycroft@ai.mit.edu>
From: Peter Dufault <dufault@hda.com>
List: current-users
Date: 06/10/1995 21:03:02
Charles M. Hannum writes:
>
>
> > No; that's the least of the problems. The most annoying problem is
> > that, e.g., a trivial typo can turn a CHANGE DEFINITION command into a
> > FORMAT UNIT command -- definitely not what the user intended, and by
> > the time he/she notices, it's way too late.
> >
> > This is a very unsafe interface, and I would definitely not want
> > random users to experiment with it.
>
> I'm sure Charles meant that this was a sucky interface for a disk
> formatting utility, and not that it is a sucky interface for a
> general "send an arbitrary CDB" to a SCSI device.
>
> No, and you can see from my example that I didn't mean that. In the
> specific case I cited, the user would indeed be using it to send an
> arbitrary command to the device.
>
> There are a few obvious ways it can be made reasonably safe:
>
> * Allow a mnemonic name for the command, and always use the mnemonic
> names when suggesting something to a user.
This makes it quite a bit less arbitrary - you need to know a lot
about the individual commands.
> * Verify the CDB length when possible.
The FreeBSD driver does this already.
> * Unless another option is given, disallow any command that would
> modify the device's state in a significant way.
Again, this makes it quite a bit less arbitrary - you need to know a lot
about the individual commands.
> None of these would restrict the functionality of the program in any
> way, except that the 2nd would disallow sending some invalid CDBs.
I won't bother with any more peace offerings.
--
Peter Dufault Real Time Machine Control and Simulation
HD Associates, Inc. Voice: 508 433 6936
dufault@hda.com Fax: 508 433 5267
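
The three safeguards listed in the quoted text (mnemonic names, CDB length verification, refusing state-modifying commands unless an extra option is given), sketched in C. This is an added example, not code from the message or from any driver it mentions. The table, the function names and the `force` flag are hypothetical; the opcodes and the group-code lengths are the SCSI-2 values.

```c
#include <stdint.h>
#include <string.h>

enum cdb_verdict { CDB_OK, CDB_BAD_LENGTH, CDB_NEEDS_FORCE };

/* Hypothetical table; opcodes are SCSI-2 values, "modifies" is a judgment. */
struct cdb_op { const char *name; uint8_t opcode; int modifies; };
static const struct cdb_op cdb_ops[] = {
    { "TEST_UNIT_READY", 0x00, 0 }, { "FORMAT_UNIT",       0x04, 1 },
    { "INQUIRY",         0x12, 0 }, { "MODE_SELECT_6",     0x15, 1 },
    { "WRITE_10",        0x2A, 1 }, { "CHANGE_DEFINITION", 0x40, 1 },
};
#define N_OPS (sizeof cdb_ops / sizeof cdb_ops[0])

/* Mnemonic lookup: a misspelled name yields NULL, not a different command. */
const struct cdb_op *cdb_lookup(const char *name)
{
    for (size_t i = 0; i < N_OPS; i++)
        if (strcmp(cdb_ops[i].name, name) == 0)
            return &cdb_ops[i];
    return NULL;
}

/* Length implied by the SCSI-2 group code (top 3 opcode bits); 0 = unknown. */
size_t cdb_expected_len(uint8_t opcode)
{
    switch (opcode >> 5) {
    case 0:         return 6;
    case 1: case 2: return 10;
    case 5:         return 12;
    default:        return 0;   /* reserved or vendor-specific group */
    }
}

/* Gate a raw CDB before it is sent. "force" stands for the extra option the
 * mail mentions; opcodes missing from the table are treated as state-modifying. */
enum cdb_verdict cdb_check(const uint8_t *cdb, size_t len, int force)
{
    int modifies = 1;
    if (cdb == NULL || len == 0)
        return CDB_BAD_LENGTH;
    size_t want = cdb_expected_len(cdb[0]);
    if (want != 0 && want != len)
        return CDB_BAD_LENGTH;
    for (size_t i = 0; i < N_OPS; i++)
        if (cdb_ops[i].opcode == cdb[0])
            modifies = cdb_ops[i].modifies;
    return (modifies && !force) ? CDB_NEEDS_FORCE : CDB_OK;
}
```

CHANGE DEFINITION is opcode 0x40 (a ten-byte CDB) and FORMAT UNIT is 0x04 (a six-byte CDB), so a ten-byte CDB whose opcode byte was entered as 0x04 fails the length check even when `force` is set.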