Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
Hi,
> > I wrote:
> > I am looking since quite a while for the particular
> > and substantial security problems which one is said
> > to have if one allows w-access to a CD/DVD writer.
> Matthias Andree wrote:
> As far as I understand Jörg, vendor-specific commands are often involved
> in CD writing, and if they are filtered out, CD writing may not work
> with certain devices -- this is the central point of his criticism.
I understand this puts my 60 Euro burner at risk
if I allow w-access. (It is also at risk if I allow
physical access with a few drops of Loctite.)
> > Is system security in general threatened by the extreme
> > example
> > chmod a+rw /dev/hdc (resp. /dev/sg0 with 2.4 ide-scsi)
>
> That depends if users can obtain device nodes or setuid privileges by
> mounting media from this drive.
Uhum. Valuable keywords to learn from. Thanks.
(Also a confirmation that I am not really fit for a
foolsafe setuid/sudo program, yet.)
The setuid privileges demand w-rights ?
I mean, that is an interesting sneak, but isn't it rather
related to mount -o user,exec,suid ?
man 8 mount: option nosuid warns of suidperl(1).
(Who installed that crap on my computer ?
Not setuid, but it is there. Off with it !)
Device nodes ... uh oh ... do you mean this :
a mknod, a chmod with lax permissions, burned to CD,
CD mounted, cat /dev/zero > /cdrom/my_dev_hda_backdoor
Is this possible ? Looks much like a mount problem too.
(mount -o dev ... but I must learn more. Ay caramba.)
> Judging from the system security, setuid/sudo is always dangerous;
> injecting ANY code into cdrecord would allow every user a root shell.
w-permission to setuid-cdrecord should be restricted to
root, of course.
For years, I have trusted Joerg's ability to defend that setuid
situation. Whether the trust is really justified or not,
cdrecord never did any evil things to me. So for now, it's ok.
> > [nice opportunity of own text recycling:]
> > I have to amend that I am experienced but not in the sense
> > as Joerg or kernel programmers. I know my limits and am not
> > 100% sure whether I could make a program that is setuid-safe.
>
> That depends on the overall setup. If the setuid program does some
> privileged operations and can then drop all of its privileges by means
> of setuid() early, it's not very difficult.
I will have to talk to the libburn people about the
appropriate moment to drop privileges. The longer the
time window, the more uncomfortable I would feel.
Thanks for the advice.
Have a nice day :)
Thomas
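
The "privileged operation first, then setuid() early" pattern discussed in this message, as an added example that is not part of the original mail and not code from cdrecord or libburn. The function names `drop_privileges` and `open_then_drop` are hypothetical, and `/dev/null` stands in for the burner device node.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up set-user-ID / set-group-ID privileges.
 * Returns 0 on success, -1 on failure (the caller must then exit). */
int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Group first: once the uid is dropped we may lack the right to. */
    if (setgid(rgid) != 0)
        return -1;
    /* With euid 0 this sets real, effective and saved uid at once. */
    if (setuid(ruid) != 0)
        return -1;

    /* Verify: a leftover saved id would let these calls succeed. */
    if (euid != ruid && setuid(euid) == 0)
        return -1;
    if (egid != rgid && setgid(egid) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Do the one privileged step (open the device), then drop at once.
 * Returns the fd, -1 if open() failed, -2 if the drop failed. */
int open_then_drop(const char *path, int flags)
{
    int fd = open(path, flags);   /* may fail; drop regardless */

    if (drop_privileges() != 0) {
        if (fd >= 0)
            close(fd);
        return -2;
    }
    return fd;
}

int main(void)
{
    int fd = open_then_drop("/dev/null", O_RDWR); /* stand-in device */

    if (fd == -2) {
        fputs("could not drop privileges, refusing to continue\n", stderr);
        return 1;
    }
    printf("fd=%d uid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    return fd >= 0 ? 0 : 1;
}
```

The already opened descriptor stays usable after the drop, so the privileged time window ends before any user-supplied data is parsed.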