[ Bugger, got the cdrtools-devel address wrong on the first mail. Now fixed. ] On Fri, Nov 11, 2005 at 12:53:00AM +0100, Christoph Hellwig wrote: >On Thu, Nov 10, 2005 at 11:47:29PM +0000, Steve McIntyre wrote: >> In kernel 2.6.8 and later, SCSI generic commands are verified for >> safety. This may be a reasonable measure in some respects, but it >> makes effective non-root CD/DVD burning rather difficult. For best >> performance cdrecord, growisofs and friends may often need to send >> SCSI commands to drives that the kernel may neither know about nor >> understand. And (to add to the pain) these commands are very often >> vendor- or device-specific, so simply allowing those commands in the >> kernel will defeat the point of the verification in the first place. > >The whole point of the verification is to allow safe access to a >selected set of raw commands for normal users. root (or rather >a process that has CAP_SYS_RAWIO) can send any command. if you need >unknown commands just make sure to burn as root, as everything else >would be unsafe anyway. That does make it rather difficult to have any safe CD/DVD writing software - do you think it's a good idea to have end users run apps as root to burn CDs? I've read too much of the cdrecord source to be happy running that as root! :-) My thought is that it might be better to allow specific commands on specific drives, and let the local admin configure that for themselves... -- Steve McIntyre, Cambridge, UK. steve@einval.com Can't keep my eyes from the circling sky, Tongue-tied & twisted, Just an earth-bound misfit, I...
Attachment:
signature.asc
Description: Digital signature