Re: cdrtools-2.01a37 ready

To: cdwrite@other.debian.org
Subject: Re: cdrtools-2.01a37 ready
From: Jacob Meuser <jakemsr@jakemsr.com>
Date: Sat, 21 Aug 2004 11:21:29 -0700
Message-id: <[🔎] 20040821182151.GB5218@funk.gsky.dom>
Mail-followup-to: cdwrite@other.debian.org
In-reply-to: <[🔎] 1093100681.5761.2435.camel@cube>
References: <[🔎] 1093100681.5761.2435.camel@cube>

On Sat, Aug 21, 2004 at 11:04:41AM -0400, Albert Cahalan wrote:
> > On OpenBSD, members of the operator group are allowed to
> > reboot the system, change tapes ... normal things that
> > someone trusted to operate the system would be allowed to do.
> > Letting them write to CD/DVD is very low on the scale of bad
> > things they could already do, like boot into single user
> > mode and mess with all kinds of stuff, and so does not
> > further compromise the security of the system.  There is
> > virtually no way anyone could escalate their privileges by
> > simply allowing them to write to a CD device.
> 
> Sure there is.
> 
> Write new firmware to the device that lets you lock up
> the bus or tunnel SCSI commands to another device.
> You could password-protect all other devices on the bus,
> format disks with non-standard sector sizes, eject
> boot media, and so on.
> 
> People have been hacking firmware, mostly to remove
> annoying spped restrictions and DVD restrictions, so
> don't for a moment think that obscurity will save you.

Obscurity?  What are you talking about?

If I thought someone was going to try to overwrite the firmware
on an device, they would not be part of the operator group.

You apparently did not understand what I was talking about.

-- 
<jakemsr@jakemsr.com>

Reply to:

References:
- Re: cdrtools-2.01a37 ready
  - From: Albert Cahalan <albert@users.sf.net>

Prev by Date: Re: cdrtools-2.01a37 ready
Next by Date: Re: DNS-like idea for SCSI (NIS+ maybe)
Previous by thread: Re: cdrtools-2.01a37 ready
Next by thread: Re: cdrtools-2.01a37 ready
Index(es):
- Date
- Thread