Re: cdrtools-2.01a37 ready
> On OpenBSD, members of the operator group are allowed to
> reboot the system, change tapes ... normal things that
> someone trusted to operate the system would be allowed to do.
> Letting them write to CD/DVD is very low on the scale of bad
> things they could already do, like boot into single user
> mode and mess with all kinds of stuff, and so does not
> further compromise the security of the system. There is
> virtually no way anyone could escalate their privileges by
> simply allowing them to write to a CD device.
Sure there is.
Write new firmware to the device that lets you lock up
the bus or tunnel SCSI commands to another device.
You could password-protect all other devices on the bus,
format disks with non-standard sector sizes, eject
boot media, and so on.
People have been hacking firmware, mostly to remove
annoying speed restrictions and DVD restrictions, so
don't for a moment think that obscurity will save you.