
Re: "logical unit communication failure" c2scan NEC ND-4550A 1.07



Bill Davidsen <davidsen@tmr.com> wrote:

> >The Security problem was that the Linux kernel did not check for write
> >permission in order to allow SCSI generic commands to be sent.
> >  
> >
> Not correct. The problem was that write permission to burn CDs included 
> write firmware commands. The initial fix was way too restrictive, and 
> blocked vendor commands as well as firmware writes, but it did protect 
> against operations which could make the device unusable. Later changes 
> have fixed most of the cases where legitimate commands were blocked. 
> "-msinfo" works again, for instance.

The "fix" was not a fix for the problem but a deliberate break of an interface.

I can still see no plan in the changes that result in filtering.

> >And as I am an experienced programmer, I know that a clean fix that
> >would just require write access would be even much simpler to write than
> >what actually has been done.
> >  
> >
> It makes sense to separate "write data" and "modify device" since users 
> are expected to burn CDs but only root is normally going to change 
> firmware or otherwise affect device behaviour.

I don't see any relation to our problem.

If you like this to be discussed, you would need to become specific enough so
other people may be able to understand the thoughts in your mind.

Jörg

-- 
 EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js@cs.tu-berlin.de                (uni)  
       schilling@fokus.fraunhofer.de     (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily
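
An added illustration, not part of the message above and not the kernel's code: a minimal model of the split debated in this thread, where pass-through commands are classed as read-safe, allowed with write access, or privileged-only (firmware download and vendor-specific opcodes). The function names, the tier assignments and the `opened_rw`/`privileged` inputs are assumptions of this sketch; the opcode values are the standard SPC/MMC ones.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum sg_verdict { SG_READ_OK, SG_WRITE_OK, SG_PRIV_ONLY, SG_MALFORMED };

/* Opcode values are from the SPC/MMC command sets; the grouping into
 * tiers is this example's assumption, not the kernel's actual table. */
static const uint8_t read_ok[]  = { 0x00, 0x12, 0x28, 0x43, 0x51 };
    /* TEST UNIT READY, INQUIRY, READ(10), READ TOC, READ DISC INFORMATION */
static const uint8_t write_ok[] = { 0x2A, 0x35, 0x55, 0x5B, 0x5D, 0xA1 };
    /* WRITE(10), SYNCHRONIZE CACHE, MODE SELECT(10), CLOSE TRACK/SESSION,
     * SEND CUE SHEET, BLANK */

/* Fixed CDB length from the opcode's group code (top three bits);
 * 0 means reserved or vendor-specific, where no length is defined. */
static size_t cdb_len(uint8_t op)
{
    static const size_t by_group[8] = { 6, 10, 10, 0, 16, 12, 0, 0 };
    return by_group[op >> 5];
}

enum sg_verdict sg_classify(const uint8_t *cdb, size_t len)
{
    if (cdb == NULL || len == 0)
        return SG_MALFORMED;
    size_t want = cdb_len(cdb[0]);
    if (want != 0 && len < want)
        return SG_MALFORMED;              /* truncated CDB */
    if (memchr(read_ok, cdb[0], sizeof read_ok))
        return SG_READ_OK;
    if (memchr(write_ok, cdb[0], sizeof write_ok))
        return SG_WRITE_OK;
    /* Default deny: WRITE BUFFER (0x3B, firmware download), vendor-specific
     * opcodes 0xC0-0xFF and anything unlisted need privilege. */
    return SG_PRIV_ONLY;
}

/* opened_rw: descriptor was opened for writing; privileged: caller holds
 * the raw-I/O privilege (both supplied by the hypothetical caller). */
bool sg_permit(const uint8_t *cdb, size_t len, bool opened_rw, bool privileged)
{
    switch (sg_classify(cdb, len)) {
    case SG_MALFORMED: return false;
    case SG_READ_OK:   return true;
    case SG_WRITE_OK:  return opened_rw || privileged;
    default:           return privileged;
    }
}
```

A default-deny list like this is what makes vendor commands fail for unprivileged users unless each one is added explicitly, which is the trade-off the two positions in the thread disagree about.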


