[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Request for cooperation with all burn backends

scdbackup@gmx.net wrote:

> Andy Polyakov wrote:
> > Have you seen resmgrd?
> I found this overview of 2006-09-29:
>   http://forgeftp.novell.com//resmgr/web/README.html
> which differs a bit from the impression i got from
> the SuSE 9.0 man pages. 
> One could execute program
>   resmgr lock /dev/xyz
> and then open the device by normal means, possibly even
> with O_EXCL.

Last time, I did look at this software, it was full of conceptional bugs
that tend to make the whole a much biger security risk than a clean solution
in libscg or cdrecord.

The program dishonored:

-	Problems from pattern matching

-	Problems from device aliasing

-	General attack scenarios on the basic idea.

It looked to me as a program that has been written by a person that just 
discovered the possibility of sending open file descriptors via a socket
connection although this method exists since 1979.

I contacted the Author in hope to discuss the security problems in his
concept but he was not interested in a discussion.

Let me only comment on the non-obvious problems.

> The sysadmin has to set up an appropriate resmgrd
> configuration before this. 

Due to the pattern matching, this carries a high risk.

> Further ideas:
> Next i will try to find out wether HAL would be of more
> help.

HAL is known to be a non-cooperative program that interrupts
CD/DVD writing. Sun is just working on a new vold implementation 
for better GNOME support. Let us wait until this has been finished....


 EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js@cs.tu-berlin.de                (uni)  
       schilling@fokus.fraunhofer.de     (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily

Reply to: