Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices

[David Greaves]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kyle Moffett wrote:

|
| Security issue:
|     Anybody with read access to certain block devices (Like CD-RW

~                    ^^^^

| drives.) could reflash the firmware or otherwise turn the drive into a
| rather expensive doorstop.
|
| Chosen solution for 2.6.8.1:
|     Only allow certain known-safe commands, anything else needs
| root privileges, specifically CAP_SYS_RAWIO or CAP_SYS_ADMIN,

~    ^^^^^^^^

|  (Seems sane, and follows with the general design of the  rest of the
| kernel).

Can someone explain why it isn't anyone with _write_ access to the device?
Surely it's better to drop a user into a group or setgid a program?

If I have write access to a device then I can wipe it's media anyway.
Is there something I'm missing?

| Personally, I'd rather have a setuid executable on my system than
| allow anybody in the cdwriters group to reflash my CDROM drive.

OK, you keep the users out of the group and make the progaram setgid
cdwriters.
Then if someone makes a mess of the set[gu]id code you lose your
cdwriter (which would be gone anyway) and not your whole system.

Why force the program to escalate to root?

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBJvJ78LvjTle4P1gRAgFSAJ92lFbuqHqibMlotNi0jXln10SrhgCePBlS
a4xebwkvjNxVV7L9eoLB7cI=
=bswe
-----END PGP SIGNATURE-----

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/