Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices

From: Joerg Schilling
Date: Sun Aug 22 2004 - 06:59:37 EST

Next message: R. J. Wysocki: "Re: Linux Incompatibility List"
Previous message: James Courtier-Dutton: "Re: Entirely ignoring TCP and UDP checksum in kernel level"
In reply to: Pascal Schmidt: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Next in thread: Joerg Schilling: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Let me give some additional remarks to clear up things:

Joerg Schilling <schilling@xxxxxxxxxxxxxxxxxxx> wrote:

> Pascal Schmidt <der.eremit@xxxxxxxx> wrote:

> > The previous Linux implementation allowed users with *read* access
> > to the device to send arbitrary SG_IO commands. Giving read permission
>
> This is of course a kernel bug - but it could be easily fixed.
> My scg driver for SunOS requires write permissions since it has been
> created in August 1986.

Not checking for Write access permissions at this place is a typical mistake
made by novice programmers, so I never thought this could be in Linux.....

> > to normal users is quite common, to allow them to run isosize or play
> > their freshly burned SVCDs with mplayer.
>
> So changing the kernel to require write permissions would be a simple fix that
> would help without breaking cdrtools as libscg of course opens the devices with
> O_RDWR.

If Linux still noes not check for write permissions, I would consider there is
still a bug.

If there is a list of "aparently safe" SCSI commands that are allowed to be
executed, then there is another bug in Linux. The only SCSI command that could
be called safe if Test Unit Ready and even this only if not send more then once
every few seconds.

There are several SCSI commands that look safe but would result in coasters
if issued while a CD or DVD is written.

Conclusion: It makes no sense to start implementing a fine grained security
model before basic secutity has been done correctly.

The best immediate fix for the problem is to just check for read & write
permissions on the file descriptor and otherwise revert to how it has been
before 2.6.8.

Jörg

--
EMail:joerg@xxxxxxxxxxxxxxxxxxxxxxxxxxx (home) Jörg Schilling D-13353 Berlin
js@xxxxxxxxxxxxxxx (uni) If you don't have iso-8859-1
schilling@xxxxxxxxxxxxxxxxxxx (work) chars I am J"org Schilling
URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: R. J. Wysocki: "Re: Linux Incompatibility List"
Previous message: James Courtier-Dutton: "Re: Entirely ignoring TCP and UDP checksum in kernel level"
In reply to: Pascal Schmidt: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Next in thread: Joerg Schilling: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]