Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07
Joerg Schilling <schilling@fokus.fraunhofer.de> writes:
> scdbackup@gmx.net wrote:
>
>> > > I am looking since quite a while for the particular
>> > > and substantial security problems which one is said
>> > > to have if one allows w-access to a CD/DVD writer.
>> > Matthias Andree wrote:
>> > As far as I understand Jörg, vendor-specific commands are often involved
>> > in CD writing, and if they are filtered out, CD writing may not work
>> > with certain devices -- this is the central point of his criticism.
>>
>> I understand this puts my 60 Euro burner at risk
>> if i allow w-access. (It is also at risk if i allow
>> physical access with a few drops of Loctite.)
>
> THe bug in the linux kernel was to allow _any_ commands even if only
> _read_ access was present.
>
> Instead of fixing this, Linus did change the interface in an incompatible way.
Your claims don't make this any truer. The interface wasn't changed at
all, but the commands that were allowed were restricted.
> NO, with a suid-root installation you can make cdrecord and Linux
> more secure than by chmod +w /dev/*
Well, someone would have to prove first that cdrecord is a) sufficiently
bug-free, b) no less secure than Linux in its access control. I doubt
someone has done that, since proving code correct is an enormous effort.
>
> Jörg
>
> --
> EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
> js@cs.tu-berlin.de (uni)
> schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
> URL: http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily
--
Matthias Andree
Reply to: