
Bug#283325: kernel-source-2.6.9: DVD burning broken since 2.6.8; apply cddvd-cmdfilter-drop.patch



On Tue, Nov 30, 2004 at 09:36:23AM +0100, Christoph Hellwig wrote:
> >  	if (copy_from_user(cmd, hdr->cmdp, hdr->cmd_len))
> >  		return -EFAULT;
> > -	if (verify_command(file, cmd))
> > -		return -EPERM;
> 
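Review bot: with the verify_command() call removed after copy_from_user(), the command copied from user space is no longer checked against the caller's permissions, and the -EPERM path disappears with it. Keep the check and, if a burning application needs commands the filter rejects, add those specific commands to the filter rather than deleting the "if (verify_command(file, cmd))" test.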
> This opens a big security hole.  I wonder whether the person creating
> this patch just played trial and error with a bogus application or was
> smoking serious crack.

It looked to me like it was a total hack that just happened to 
work.  I got it from Con Kolivas's homepage, if that makes you more 
comfortable.

This whole experience has left me shaken as to how stable a direction 
the kernel is going in.  I saw on Slashdot experimentation will continue 
in the 2.6 series, and it will be up to distributors to produce a stable 
kernel.

I can understand bugs but not releasing a product with such a serious 
flaw.


