Re: cdrtools-2.01a37 ready

To: cdwrite@other.debian.org
Cc: jakemsr@jakemsr.com
Subject: Re: cdrtools-2.01a37 ready
From: Albert Cahalan <albert@users.sf.net>
Date: 21 Aug 2004 11:04:41 -0400
Message-id: <[🔎] 1093100681.5761.2435.camel@cube>

> On OpenBSD, members of the operator group are allowed to
> reboot the system, change tapes ... normal things that
> someone trusted to operate the system would be allowed to do.
> Letting them write to CD/DVD is very low on the scale of bad
> things they could already do, like boot into single user
> mode and mess with all kinds of stuff, and so does not
> further compromise the security of the system.  There is
> virtually no way anyone could escalate their privileges by
> simply allowing them to write to a CD device.

Sure there is.

Write new firmware to the device that lets you lock up
the bus or tunnel SCSI commands to another device.
You could password-protect all other devices on the bus,
format disks with non-standard sector sizes, eject
boot media, and so on.

People have been hacking firmware, mostly to remove
annoying spped restrictions and DVD restrictions, so
don't for a moment think that obscurity will save you.

Reply to:

Follow-Ups:
- Re: cdrtools-2.01a37 ready
  - From: Jacob Meuser <jakemsr@jakemsr.com>

Prev by Date: Re: cdrtools-2.01a37 ready
Next by Date: Re: cdrtools-2.01a37 ready
Previous by thread: Re: cdrtools-2.01a37 ready
Next by thread: Re: cdrtools-2.01a37 ready
Index(es):
- Date
- Thread