SCSI/USB white list

T. 'Nifty New Hat' Mitchell mitch48 at sbcglobal.net
Thu Jun 17 19:35:00 UTC 2004


On Mon, Jun 07, 2004 at 12:31:36AM +0100, Dave Jones wrote:
> Subject: Re: Fedora Core 3 Wishlist
> On Sun, Jun 06, 2004 at 02:44:32PM +0100, Paul Duffy wrote:
....
> Won't happen. Having this as default will break on some devices.
> It locks up the SCSI bus of badly designed devices.
> If you send the relevant info from dmesg, I'll add it to the list
> of devices recognised, and it'll automatically be whitelisted.
> Longterm, things may change for these devices so the USB
> layer recognises the type of device, and does the necessary magic
> automatically.

Is it sane to think about a way that an individual user
could whitelist such devices?

Since the relevant info is seen by the system and recorded in dmesg, is
it possible to tabulate the 'unprobed' devices in a virtualized
structure and facilitate an addition to a local gray list?

In addition, since some devices are known to be 'bad', is there a
complementary blacklist?

With this data one could model a device manager process after the
setup for graphics cards where some probes are expected to pose a risk
(confirmation required), and no configuration is saved until after a
safe action has been confirmed.

One thing that was not mentioned is the boot time cost of probing
devices.  When a long list of potential devices is probed, the
timeouts stack up for all the absent devices and the boot time goes
from a minute or so to tens of minutes.  This time issue is serious
enough to keep noprobe as default.

The last addition to the user interface process might be a
mail2whitelist trick not unlike the way that Grip facilitates mailing
in of CDROM data to DiscDB resources like freedb.freedb.org.  Enough
whitelist hits could notify a real person to add a device.

None of this is easy... just thinking out loud.


-- 
	T o m  M i t c h e l l 
	/dev/null the ultimate in secure storage.




