Re: Proposal: removing urio(4), Rio 500 MP3 player (1999), and Rio-related packages

To: Thor Lancelot Simon <tls%panix.com@localhost>
Subject: Re: Proposal: removing urio(4), Rio 500 MP3 player (1999), and Rio-related packages
From: David Holland <dholland-tech%netbsd.org@localhost>
Date: Sat, 4 Jan 2020 19:15:36 +0000

On Fri, Jan 03, 2020 at 09:40:51AM -0500, Thor Lancelot Simon wrote:
 > >  - uscanner, which was brought up by other people for an unrelated reason.
 > >    It was removed from FreeBSD in 2009, from OpenBSD in 2013, and disabled
 > >    in NetBSD in 2016. It has been superseded by ugen+SANE.
 > 
 > I would like to suggest that the use of "generic" USB/SCSI/etc. devices
 > that allow sending arbitrary commands from userland is one of the least
 > safe design patterns in modern operating systems.  Not all security
 > issues are accidental - some work as designed, and I think this is one
 > such.
 > 
 > So it's a bit of a shame to see uscanner or any other target-specific
 > driver go, with an inherently unsafe generic target driver as replacement,
 > though perhaps in this case it's necessary.

concur

-- 
David A. Holland
dholland%netbsd.org@localhost

References:
- Proposal: removing urio(4), Rio 500 MP3 player (1999), and Rio-related packages
  - From: coypu
- Re: Proposal: removing urio(4), Rio 500 MP3 player (1999), and Rio-related packages
  - From: Jason Thorpe
- Re: Proposal: removing urio(4), Rio 500 MP3 player (1999), and Rio-related packages
  - From: Maxime Villard
- Re: Proposal: removing urio(4), Rio 500 MP3 player (1999), and Rio-related packages
  - From: Thor Lancelot Simon

Prev by Date: Re: EFI memory map
Next by Date: Re: adding linux syscall fallocate
Previous by Thread: Re: Proposal: removing urio(4), Rio 500 MP3 player (1999), and Rio-related packages
Next by Thread: Proposal: removing uyurex(4)
Indexes:

Home | Main Index | Thread Index | Old Index