Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices

[Alan Cox]

On Gwe, 2004-08-20 at 12:51, Joerg Schilling wrote:
> Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:
> 
> > You can also erase the drive firmware as a user etc. That's the problem.
> 
> This is definitely not a "hot" problem so there is absolutely no reason to 
> make incompatible changes in the kernel interface _without_ discussing this
> with the most important users before.

It becomes a hot problem they second someone posts the example code to
bugtraq.

> On a decently administrated Linux system, only root is able to send SCSI 
> commands because only root is able to open the apropriate /dev/* entries.

Wrong (as usual)

> cdrecord is designed to be safely installed root and cdrecord is trustworthy - 
> it does not overwrite the drive's firmware.

Running cdrecord setuid may well be the right approach. It can drop
capabilities except CAP_SYS_RAWIO and burn cdroms happily.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/