
Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07



Hi,

> > I wrote:
> > I am looking since quite a while for the particular
> > and substantial security problems which one is said
> > to have if one allows w-access to a CD/DVD writer.
> Matthias Andree wrote: 
> As far as I understand Jörg, vendor-specific commands are often involved
> in CD writing, and if they are filtered out, CD writing may not work
> with certain devices -- this is the central point of his criticism.

I understand this puts my 60 Euro burner at risk
if I allow w-access. (It is also at risk if I allow
physical access with a few drops of Loctite.)


> >   Is system security in general threatened by the extreme
> >   example
> >     chmod a+rw /dev/hdc   (resp.  /dev/sg0 with 2.4 ide-scsi)
> 
> That depends if users can obtain device nodes or setuid privileges by
> mounting media from this drive.

Uhum. Valuable keywords to learn from. Thanks.
(Also a confirmation that I am not really fit for a
 foolproof setuid/sudo program, yet.)


Do the setuid privileges demand w-rights?
I mean, that is an interesting sneak, but isn't it rather
related to  mount -o user,exec,suid  ?

man 8 mount: option nosuid warns of suidperl(1).
(Who installed that crap on my computer?
 Not setuid, but it is there. Off with it!)


Device nodes ... uh oh ... do you mean this:
a mknod, a chmod with lax permissions, burned to CD,
CD mounted, cat /dev/zero > /cdrom/my_dev_hda_backdoor

Is this possible? Looks much like a mount problem too.
(mount -o dev ... but I must learn more. Ay caramba.)


> Judging from the system security, setuid/sudo is always dangerous;
> injecting ANY code into cdrecord would allow every user a root shell.

w-permission to setuid-cdrecord should be restricted to
root, of course.
For years I have trusted Joerg's ability to defend that setuid
situation. Whether the trust is really justified or not,
cdrecord never did any evil things to me. So for now, it's ok.

> > [nice opportunity of own text recycling:]
> >   I have to amend that I am experienced, but not in the sense
> >   that Joerg or kernel programmers are. I know my limits and am not
> >   100% sure whether I could make a program that is setuid-safe.
> 
> That depends on the overall setup. If the setuid program does some
> privileged operations and can then drop all of its privileges by means
> of setuid() early, it's not very difficult.

I will have to talk to the libburn people about the
appropriate moment to drop privileges. The longer the
time window, the more uncomfortable I would feel.

Thanks for the advice.


Have a nice day :)

Thomas
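The "drop all privileges by means of setuid() early" pattern from the discussion, as an added example that is not libburn's or cdrecord's code: the helper opens the drive while still root, then gives root up permanently and verifies that it really is gone before any drive commands are parsed. The device path is an assumption.

```c
/* Added example, not cdrecord/libburn code: open the writer while privileged,
 * then drop root for good before anything else runs. */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <unistd.h>
#include <sys/types.h>

/* Permanently drop to uid/gid. Returns 0 on success, -1 if the drop
 * failed or turned out to be only partial. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups: only root may clear them, and only root needs to. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group first: once the uid is gone, changing the gid would fail.
     * With euid 0, setgid()/setuid() set real, effective and saved ids. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify real and effective ids. */
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    /* Paranoid check: if the saved uid were still 0, this call would succeed,
     * meaning a later bug could regain root. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Open the device (e.g. /dev/hdc from the thread; path is an assumption)
 * while still privileged, then drop. Returns the fd, or -1 on failure. */
int open_device_then_drop(const char *path)
{
    int fd = open(path, O_RDWR | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* From here on nothing runs as root: a flaw in the command handling
     * can at worst abuse the already opened fd, not hand out a root shell. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```

The window the message worries about is exactly the code between open() and drop_privileges(); keeping it to the one open() call is what makes the helper easy to review.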


