Re: Linux 2.6.8.1 requires changes to cdrecord (and probably every other CD/DVD writing app)

To: cdwrite@other.debian.org
Subject: Re: Linux 2.6.8.1 requires changes to cdrecord (and probably every other CD/DVD writing app)
From: Andreas Metzler <ametzler@logic.univie.ac.at>
Date: Mon, 16 Aug 2004 18:02:09 +0200
Message-id: <[🔎] 20040816160207.GF880@balrog.logic.univie.ac.at>
In-reply-to: <[🔎] 200408161538.i7GFcaIX027480@burner.fokus.fraunhofer.de>
References: <[🔎] 200408161538.i7GFcaIX027480@burner.fokus.fraunhofer.de>

On Mon, Aug 16, 2004 at 05:38:36PM +0200, Joerg Schilling wrote:
>From: Andreas Metzler <ametzler@logic.univie.ac.at>
> ><http://marc.theaimsgroup.com/?t=109260648900001&r=1&w=2>? Writing CDs
> >only works *as* root, SUID root is not enough. - I've been told that
[...] 
> http://marc.theaimsgroup.com/?l=linux-kernel&m=109264207926099&w=2

> makes me believe that Linux-2.6.8 does not allow the MODE SENDE and/or
> MODE SELECT command.

Disclaimer: I have not looked at any code.

> If this is true, then somenone in the Linux Kernel group need to get
> fired :-( If there really is a differende between EUID root and UID
> root, then they did not understand the POSIX security model: Rights
> are checked against EUID and in case of a suid cdrecord, EUID is
> root.

I do not think that is the case, because it would break _lots_
of stuff, the problem seems to be that cdrecord drops privileges it
needs to access the hardware.

> However, in case that they tried to implement similar security
> enhancements as Sun did starting with Solaris 9, then libscg would
> need the same modification as it needed on Solaris (switching
> to/from root bracheting each SCSI command).

That sounds much more probable.

> (On Solaris 9 you need to have EUID root while you send a SCSI
> command via USCSI).
 
> I am sorry, but as this would not be a bug fix cdrtools, it is too
> late to make it into cdrtools-2.01-final.

I am not going to try to set release goals for you.
 
>> Cdrecord needs to keep CAP_SYS_RAWIO.
 
> Could you explain this? It is not mentioned in the list if mails you send.

Linux(iirc since 2.2) supports a finer grained permission model than
switching UID, POSIX capabilities[1]. Instead of "switching to/from
root bracketing each SCSI command" you'd simply retain the necessary
capability, CAP_SYS_RAWIO.
          cu andreas

[1] It is not part of IEEE Std 1003.1. I gather from
http://wt.xpilot.org/publications/posix.1e/ that the gremium has given
up on standardizing it.

Reply to:

References:
- Re: Linux 2.6.8.1 requires changes to cdrecord (and probably every other CD/DVD writing app)
  - From: Joerg Schilling <schilling@fokus.fraunhofer.de>

Prev by Date: Re: Linux 2.6.8.1 requires changes to cdrecord (and probably every other CD/DVD writing app)
Next by Date: Re: Linux 2.6.8.1 requires changes to cdrecord (and probably every other CD/DVD writing app)
Previous by thread: Re: Linux 2.6.8.1 requires changes to cdrecord (and probably every other CD/DVD writing app)
Next by thread: Re: Linux 2.6.8.1 requires changes to cdrecord (and probably every other CD/DVD writing app)
Index(es):
- Date
- Thread