Bug#283325: kernel-source-2.6.9: DVD burning broken since 2.6.8; apply cddvd-cmdfilter-drop.patch
On Tue, Nov 30, 2004 at 09:36:23AM +0100, Christoph Hellwig wrote:
> > if (copy_from_user(cmd, hdr->cmdp, hdr->cmd_len))
> > return -EFAULT;
> > - if (verify_command(file, cmd))
> > - return -EPERM;
>
> This opens a big security hole. I wonder whether the person creating
> this patch just played trial and error with a bogus application or was
> smoking serious crack.
It looked like to me like it was a total hack that just happened to
work. I got it from Con Kolvias's homepage, if that makes you more
comfortable.
This whole experience has left me shaken as to how stable a direction
the kernel is going in. I saw on Slashdot experimentation will continue
in the 2.6 series, and it will be up to distributors to produce a stable
kernel.
I can understand bugs but not releasing a product with such a serious
flaw.
Reply to: