Re: cdrtools-2.01a22 ready
>From: Volker Kuhlmann <hidden@paradise.net.nz>
>> All recent SuSE distributions contain unofficial and modified versions
>> of cdrecord that are known to contain bugs and open new security holes.
>Can you be more specific about the bugs please? Or does that "contain
>bugs" simply refer to that they're not the latest alpha version?
Patches that don't follow the conceptual design of complex data structures
easily break functions that the author of the patch is not aware of.
>What "security holes" are you talking about?
I thought that I had already mentioned it.
SuSE implements a "device manager" daemon that opens device nodes for other
programs. This daemon is less secure than cdrecord/libscg as libscg
does far more than a simple string compare/pattern matching on the device node
name.
Linux does not implement a device node system with a stable device <-> node
relation. Libscg maps device node names to more stable bus/target/lun
values and is thus more secure than the simple system used by SuSE.
Jörg
--
EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js@cs.tu-berlin.de (uni) If you don't have iso-8859-1
schilling@fokus.fraunhofer.de (work) chars I am J"org Schilling
URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily
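
The contrast drawn in the message above, as an added example that is not part of the original post and is not code from libscg, cdrecord or SuSE: a check on the node name alone, next to opening the node and asking the Linux kernel for the host/channel/target/lun behind the descriptor. The `sg[0-9]*` pattern, the function names and the choice of the `SCSI_IOCTL_GET_IDLUN` ioctl are assumptions made for illustration.

```c
#include <fcntl.h>
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>

#define SCSI_GET_IDLUN 0x5382 /* value of Linux SCSI_IOCTL_GET_IDLUN */
struct btl { int host, channel, target, lun; };

/* Name-only policy (hypothetical pattern): trusts the path string. */
int name_check(const char *path) {
    const char *base = strrchr(path, '/');
    return fnmatch("sg[0-9]*", base ? base + 1 : path, 0) == 0;
}

/* Unpack the dev_id word the kernel fills in for that ioctl. */
struct btl decode_idlun(unsigned int id) {
    struct btl a = { (int)((id >> 24) & 0xff), (int)((id >> 16) & 0xff),
                     (int)(id & 0xff), (int)((id >> 8) & 0xff) };
    return a; /* order: host, channel, target, lun */
}

/* Object-based policy: open, then ask the kernel what the descriptor is.
 * Returns 0 only for a character device that answers the SCSI ioctl. */
int fd_check(const char *path, struct btl *out) {
    struct stat st;
    unsigned int idlun[2] = { 0, 0 }; /* dev_id, host_unique_id */
    int rc = -1;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0 && S_ISCHR(st.st_mode) &&
        ioctl(fd, SCSI_GET_IDLUN, idlun) == 0) {
        *out = decode_idlun(idlun[0]);
        rc = 0;
    }
    close(fd);
    return rc;
}

int main(int argc, char **argv) {
    struct btl a;
    const char *p = argc > 1 ? argv[1] : "/dev/sg0";
    printf("name_check=%d\n", name_check(p));
    if (fd_check(p, &a) == 0)
        printf("host %d channel %d target %d lun %d\n", a.host, a.channel, a.target, a.lun);
    return 0;
}
```

A caller would compare the returned address with the one its policy allows; a regular file that merely carries a device-like name passes `name_check` and fails `fd_check`.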