Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
> This was not a change made because it would be nice, it was made because
> it became public information that anyone who could burn could change the
> firmware. Security fixes sometimes do have to be done quickly, evil
> people do tend to jump on any opening in the time between a
> vulnerability becoming public and being fixed.

I have been looking for quite a while for the particular
and substantial security problems which one is said
to have if one allows w-access to a CD/DVD writer.
With the help of your name and some keywords from above I
googled my way into a thread on the kernel mailing list.
Nevertheless the threads and subthreads in the archives
are a bit manifold ... sigh.

Could you please answer the following questions for me,
or point me to some comprehensive answers:
- Is there other stuff at risk besides my 60 Euro burner?
  Is system security in general threatened by the extreme
  chmod a+rw /dev/hdc (or /dev/sg0 with 2.4 ide-scsi)?
- What was the worst threat which could be identified
  through that discussion?
- If I am willing to risk my burner's health (which I do
  with any physical tray load, actually), what would you
  advise me to do:
  - run a self-written setuid-root or sudo program on restrictive
  - allow generous access to /dev/hdc and use neither setuid

I have to add that I am experienced, but not in the sense
that Joerg or kernel programmers are. I know my limits and am not
100% sure whether I could make a program that is setuid-safe.
Nevertheless, if chmod a+w is globally deadly, then I will
hardly have a choice but to try.

This topic affects users of growisofs too, I guess.
At least I run my growisofs that way. (No hostile
users expected ... but one never knows.)
Thanks in advance for any information.
Have a nice day :)