Subject: Re: CVS commit: src/sys/secmodel/bsd44
To: None <>
From: YAMAMOTO Takashi <>
List: tech-kern
Date: 10/27/2006 00:23:46
> Andrew Doran wrote:
> > I'm not sure what the issue at hand is, but: the SCSI/RAID pass through
> > interfaces that I had involvement with allow I/O directly to disks. Also
> > since we can't trust either the firmware or the user-space consumers, we
> > can't rule out the possibility that the interfaces could be used to access
> > physical memory.
> I think the questions are:
>   - In the relevant code (the "passthru" ioctls), should we issue a
>     request to check if raw disk IO is allowed, or if a user-command is
>     allowed?
>   - What "passthru" commands imply raw disk IO? what commands may also
>     imply raw memory IO? are they easily distinguishable?

i'd vote to have a separate "passthru" kauth request.
it's different enough from normal raw device i/o, IMO.