Re: Linux 2.6.8.1 requires changes to cdrecord (and probably every other CD/DVD writing app)
>From: Andreas Metzler <ametzler@logic.univie.ac.at>
>I do not think that is the case, because it would break _lots_
>of stuff, the problem seems to be that cdrecord drops privileges it
>needs to access the hardware.
Wrong: cdrtools handles privileges the way you get highest security.
For this reason, cdrecord drops all privileges as soon as possible if
possible.
If Linux suddenly changes known behavior, this is a Linux kernel bug.
>> However, in case that they tried to implement similar security
>> enhancements as Sun did starting with Solaris 9, then libscg would
>> need the same modification as it needed on Solaris (switching
>> to/from root bracketing each SCSI command).
>That sounds much more probable.
If this is the case, then it is a fault of the Linux kernel designers.
They should have written a mail to the most important 'users'.
If they did, then cdrtools would have integrated a smooth migration path.
As they did not, it needs to be called a Linux kernel bug that should
_immediately_ be fixed.
If they then inform the important users, they may retry this change in 2-4
months.
>>> Cdrecord needs to keep CAP_SYS_RAWIO.
>
>> Could you explain this? It is not mentioned in the list of mails you sent.
>Linux(iirc since 2.2) supports a finer grained permission model than
>switching UID, POSIX capabilities[1]. Instead of "switching to/from
>root bracketing each SCSI command" you'd simply retain the necessary
>capability, CAP_SYS_RAWIO.
> cu andreas
If Linux has this, why is there no documentation?
Why are there no man pages for the Linux Kernel at all?
I spend a lot of my time documenting what I did.
If the Linux Kernel people would start to document their hacks, they would get a
chance to understand what they did and could even understand what interfaces
are. Knowing what an interface is helps to design interfaces in a way that keeps
them stable.
>[1] It is not part of IEEE Std 1003.1. I gather from
>http://wt.xpilot.org/publications/posix.1e/ that the gremium has given
>up on standardizing it.
I don't see anything but ACLs here.
Solaris 10 has a clean documentation for getppriv(2)/setppriv(2)
http://docs.sun.com/db/doc/816-5167/6mbb2jaeu?a=expand
Fine grained privs make sense as they allow e.g. star on Solaris 10 to
run backups without the need to be root.
There are privs to mount a fs, to read all local files and to keep the atime.
Jörg
--
EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js@cs.tu-berlin.de (uni) If you don't have iso-8859-1
schilling@fokus.fraunhofer.de (work) chars I am J"org Schilling
URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily
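
The alternative raised in this thread (retain CAP_SYS_RAWIO instead of switching to and from root around each SCSI command), as an added example that is not code from cdrecord, libscg or either poster. It assumes a current Linux kernel with the version 3 capability ABI and a process started with root privileges; the function names and the target uid/gid are hypothetical.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <grp.h>
#include <linux/capability.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the calling thread has `cap` in its effective set, 0 if not, -1 on error. */
int has_effective_cap(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };

    if (cap < 0 || cap > CAP_LAST_CAP || syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    return (data[CAP_TO_INDEX(cap)].effective & CAP_TO_MASK(cap)) ? 1 : 0;
}

/* Give up root for good but keep CAP_SYS_RAWIO. uid/gid name a hypothetical
 * unprivileged account. Returns 0 on success, -1 with errno set. */
int drop_root_keep_rawio(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };

    if (geteuid() != 0 || uid == 0) {   /* nothing to drop, or not a drop */
        errno = EPERM;
        return -1;
    }
    /* Without KEEPCAPS the permitted set is cleared by the UID change. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0)
        return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* The UID change cleared the effective set: shrink permitted to the one
     * capability and raise it again. The inheritable set stays empty. */
    data[CAP_TO_INDEX(CAP_SYS_RAWIO)].permitted = CAP_TO_MASK(CAP_SYS_RAWIO);
    data[CAP_TO_INDEX(CAP_SYS_RAWIO)].effective = CAP_TO_MASK(CAP_SYS_RAWIO);
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;
    /* Fail closed if root can be regained or the capability is missing. */
    if (setuid(0) == 0 || has_effective_cap(CAP_SYS_RAWIO) != 1) {
        errno = EPERM;
        return -1;
    }
    return 0;
}
```

After a successful call the process runs under the unprivileged uid with CAP_SYS_RAWIO as its only permitted and effective capability, so no later switch back to root is possible or needed.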