
Re: Samsung DVD writer.



> 
> There is no need to discuss this. The important facts to learn from me is:
> 
> I write cdrecord in a way that allows me to support as many features as 
> possible.
> 
> I write cdrecord in a way that allows me to know as much on the drive in
> advance as possible.

Jörg,

Would you be willing to provide a specific and complete list 
(e.g. in a text file, as part of the cdrtools distribution) of
the set of SCSI commands that you consider to be necessary
and/or desirable for cdrtools?  If the commands were listed
all in one place, it would be much easier for people (Linux kernel
maintainers, non-Linux kernel people, and J. Random Kibitzers)
to do a proper security analysis, and then (as necessary) make
a clean decision as to which commands are truly safe for non-root
write access and which may not be.

This list could either be done by enumerating the commands which
are necessary, or could be done by saying "All of the MMC-3 commands,
except for the following", or somewhere in between.  The critical
thing would be to have a fully-described list of the commands,
independent of the current source-code implementation of
cdrtools or any other software package.

In looking at the Linux code which implements the security
rules, I can see at least two things which could be done, and
a third might be worthwhile:

[1] The restrictions are implemented in one way in the /dev/sg
    generic SCSI driver (older code), and another way in the 
    general-purpose block-device driver (newer code).

    It would seem to make good sense to factor this code out,
    and have just a single implementation (probably based on the
    newer code, which appears to be more flexible and more
    MMC-3-friendly).

[2] The list of MMC-3 commands allowed for non-root write access
    in the block device driver might be expanded.

[3] The list of commands might be made extensible at run time,
    possibly on a per-device basis.  This might be done via the
    Linux /proc or /sys interfaces.  The built-in list could be used
    in most cases, but the individual system owner could extend it
    if a particular drive needed a drive-specific command for
    full-featured operation.
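An added example, not code from this thread, the Linux kernel or cdrtools, sketching in C the single per-opcode allow-list that points [1] to [3] argue for: one table that marks MMC opcodes as safe on a read-only open or safe only on a write open, a root bypass, and a hook standing in for the run-time per-device extension of [3]. The opcode numbers are real MMC opcodes; which ones land in each class is a constructed policy, not the kernel's actual table.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed allow-list for unprivileged SCSI pass-through. Opcodes are
 * real MMC values; the read/write classification is an illustrative policy. */
#define CMD_READ_SAFE  0x01  /* permitted on a read-only open */
#define CMD_WRITE_SAFE 0x02  /* permitted only when opened for writing */

struct cdb_filter {
    uint8_t perm[256];       /* indexed by the CDB opcode (first byte) */
};

/* Built-in policy: queries and media reads are read-safe, commands that
 * alter the disc need write access, anything else stays root-only. */
static void cdb_filter_init(struct cdb_filter *f)
{
    memset(f->perm, 0, sizeof f->perm);
    const uint8_t read_safe[] = { 0x00 /* TEST UNIT READY */, 0x12 /* INQUIRY */,
        0x28 /* READ(10) */, 0x43 /* READ TOC */, 0x46 /* GET CONFIGURATION */,
        0x5a /* MODE SENSE(10) */ };
    const uint8_t write_safe[] = { 0x2a /* WRITE(10) */, 0x35 /* SYNCHRONIZE CACHE */,
        0x53 /* RESERVE TRACK */, 0x5b /* CLOSE TRACK/SESSION */,
        0x5d /* SEND CUE SHEET */, 0xa1 /* BLANK */ };
    for (size_t i = 0; i < sizeof read_safe; i++)
        f->perm[read_safe[i]] |= CMD_READ_SAFE;
    for (size_t i = 0; i < sizeof write_safe; i++)
        f->perm[write_safe[i]] |= CMD_WRITE_SAFE;
}

/* Run-time extension hook, the stand-in for a per-device /proc or /sys knob:
 * the system owner adds a drive-specific opcode without rebuilding the table. */
static void cdb_filter_allow(struct cdb_filter *f, uint8_t opcode, uint8_t perm)
{
    f->perm[opcode] |= perm;
}

/* Decide whether a CDB may be passed through. Root bypasses the table; an
 * unprivileged caller needs the opcode flagged for the mode the device was
 * opened in. Unknown opcodes (including vendor-specific ones) are refused. */
static bool cdb_permitted(const struct cdb_filter *f, const uint8_t *cdb, size_t len,
                          bool opened_for_write, bool is_root)
{
    if (len == 0) return false;          /* no opcode byte to check */
    if (is_root) return true;
    uint8_t p = f->perm[cdb[0]];
    if (p & CMD_READ_SAFE) return true;
    return (p & CMD_WRITE_SAFE) && opened_for_write;
}
```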


