
Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07



Hi,

> > > > I wrote:
> > > > I am looking since quite a while for the particular
> > > > and substantial security problems which one is said
> > > > to have if one allows w-access to a CD/DVD writer.
> > I understand this puts my 60 Euro burner at risk
 
> Joerg Schilling wrote:
> The bug in the linux kernel was to allow _any_ commands even if only
> _read_ access was present.

This is frightening in general and somewhat appeasing
in my special problem. (By telling me that it was not w-perms
that was the problem which had to be tackled in a hurry.)

I understood from some of your statements in the past that you
expect severe security problems if any user is able to write
to the CD/DVD burner.
Obviously you have chosen the work-laden way of programming
an automated superuser who cannot be fooled by the user.
As said, I trust your ability to fight off the vast majority
of smart fools. (We should not forget Goedel's Incompleteness
and the related Halting Problem when betting on wise automats.)

For cdrskin, nevertheless, I would prefer to go the cheap way:
The sysadmin is responsible for who has permission to use
the burner, and people can use cdrskin only for burning CDs and
killing the burner - but not for attacking system integrity.

If there are known tricks to escalate w-permission on /dev/hdc
to some more extended privileges (e.g. w-perm on all /dev/hdX)
- then I would have to consider a setuid approach.
I also would have to reconsider my way of using growisofs.


Up to now, I have learnt some interesting pitfalls and augmented
the documentation of scdbackup by advice to mount -o nosuid,nodev.
To my luck there was no hard reason, yet, to decide for programming
a setuid-safe application.
You would spoil my day by naming such a reason, Joerg. But in the
long run I would surely have to be thankful for that.


Have a nice day :)

Thomas
