[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07


> This was not a change made because it would be nice, it was made because 
> it became public information that anyone who could burn could change the 
> firmware. Security fixes sometime do have to be done quickly, evil 
> people do tend to jump on any opening in the time between a 
> vulnerability becoming public and being fixed.

I am looking since quite a while for the particular
and substantial security problems which one is said
to have if one allows w-access to a CD/DVD writer.

By help of your name and some keywords from above i
googled into a thread at the kernel mailing list.
Nevertheless the threads and subtreads in the archives
are a bit manifold ... sigh.

Could you please answer me the following questions
resp. point me to some comprehensive answers :

- Is there other stuff at risk besides my 60 Euro burner ?
  Is system security in general threatened by the extreme
    chmod a+rw /dev/hdc   (resp.  /dev/sg0 with 2.4 ide-scsi)

- What was the worst threat which could be identified
  through that discussion ? 

- If i am willing to risk my burner's health (which i do
  with any physical tray load, actually) what would you
  advise me to do:
  - run a self written setuid-root or sudo program on restrictive
  - allow generous access to /dev/hdc and use neither setuid
    nor sudo
  I have to amend that i am experienced but not in the sense
  as Joerg or kernel programmers. I know my limits and am not
  100% sure wether i could make a program that is setuid-safe.
  Nevertheless if chmod a+w is globally deadly, then i will 
  hardly have a choice but to try.
This topic affects users of growisofs too, i guess.
At least i run my growisofs that style. (No hostile
users expected ... but one never knoes.)

Thanks in advance for any information.

Have a nice day :)


Reply to: