[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Linux 2.6.8.1 requires changes to cdrecord (and probably every other CD/DVD writing app)



>From: Andreas Metzler <ametzler@logic.univie.ac.at>

><http://marc.theaimsgroup.com/?t=109260648900001&r=1&w=2>? Writing CDs
>only works *as* root, SUID root is not enough. - I've been told that

Everything looks very unspecific and hard to understand.

But if the statements in http://marc.theaimsgroup.com/?l=linux-kernel&m=109266532220718&w=2
are correct, then it seems that Linux starts to copy stupid old SCO 
technology :-(

I just convinced SCO that it is completely boneheaded to believe that
the kernel knows more about a drive than e.g. cdrecord in case the SCSI
commands are routed through generic SCSI transport.

About a year ago, it has been impossible to write DVDs on SCO UnixWare
because writing DVD did need commands not yet known by the kernel :-(

They cannot be serious if they really believe that they like to need
a SCSI command filter in the kernel.

http://marc.theaimsgroup.com/?l=linux-kernel&m=109264207926099&w=2

makes me believe that Linux-2.6.8 does not allow the MODE SENDE and/or
MODE SELECT command.

If this is true, then somenone in the Linux Kernel group need to get fired :-(
If there really is a differende between EUID root and UID root, then they
did not understand the POSIX security model: Rights are checked
against EUID and in case of a suid cdrecord, EUID is root.

However, in case that they tried to implement similar security enhancements as
Sun did starting with Solaris 9, then libscg would need the same modification
as it needed on Solaris (switching to/from root bracheting each SCSI command).

(On Solaris 9 you need to have EUID root while you send a SCSI command via USCSI).

I am sorry, but as this would not be a bug fix cdrtools, it is too late to make 
it into cdrtools-2.01-final.



>Cdrecord needs to keep CAP_SYS_RAWIO.

Could you explain this? It is not mentioned in the list if mails you send.

Jörg

-- 
 EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js@cs.tu-berlin.de		(uni)  If you don't have iso-8859-1
       schilling@fokus.fraunhofer.de	(work) chars I am J"org Schilling
 URL:  http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily



Reply to: