Re: alternative to cdrecord?
On Tue, 2004-08-24 at 10:36, Brian Pack wrote:
> Haven't you heard? IIRC the kernel 2.6.8 plugged a security hole that
> cdrecord used to function. Once the hole was closed, users could no
> longer run cdrecord as they could in previous kernels. With the old
> kernel, a user could potentially wipe a drives firmware.
>
The emphasis is on the word "users". There are some scsi commands that
can toast a drive; the kernel now has a blacklist of commands that
non-root users are forbidden from sending. Unfortunately, cdrecord uses
some of these commands, and hence cannot record when run as a non-root
user.
Root users can still send any scsi command they like to a drive.
Unfortunately one comment I saw indicates that making cdrecord suid
won't help, as cdrecord deliberately drops back to the real user id
before burning the cd, for "security".
I guess kernel hackers are working on a solution..
Subscribers to Linux Weekly News can find more info here now:
http://lwn.net/Articles/97552/
Non-subscribers have to wait until thursday to access this article.
Cheers,
Simon
Reply to: