Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices

From: Alan Cox
Date: Thu Aug 19 2004 - 10:48:18 EST


On Thu, 2004-08-19 at 15:32, Frank Steiner wrote:
> What a stupid claim. When I call cdrecord on SuSE 9.1, I can burn CDs and
> DVDs as a normal user, without root permissions, without suid, without ide-scsi,
> using /dev/hdc as device.
>
> And this just works fine. So where's the problem?

You can also erase the drive firmware as a user etc. That's the problem.
When you fix that, cdrecord gets broken by the security fix if you are
using the SG_IO interface. Patches are kicking around to try and sort
things out so CD burning is safe as non-root. cdrecord works as root.

As a security fix it was sufficiently important that it had to be done.

Alan
