Re: alternative to cdrecord?

To: debian-user@lists.debian.org
Subject: Re: alternative to cdrecord?
From: Simon Kitching <simon@ecnetwork.co.nz>
Date: Tue, 24 Aug 2004 10:58:57 +1200
Message-id: <[🔎] 1093301936.27423.27.camel@pcsimon>
In-reply-to: <[🔎] 1093300581.3071.5.camel@localhost.localdomain>
References: <[🔎] 1093293855.5573.8.camel@localhost.localdomain> <[🔎] 20040823220628.GI27909@rei.moonkingdom.net> <[🔎] 1093300581.3071.5.camel@localhost.localdomain>

On Tue, 2004-08-24 at 10:36, Brian Pack wrote:
> Haven't you heard? IIRC the kernel 2.6.8 plugged a security hole that
> cdrecord used to function. Once the hole was closed, users could no
> longer run cdrecord as they could in previous kernels. With the old
> kernel, a user could potentially wipe a drives firmware.
> 

The emphasis is on the word "users". There are some scsi commands that
can toast a drive; the kernel now has a blacklist of commands that
non-root users are forbidden from sending. Unfortunately, cdrecord uses
some of these commands, and hence cannot record when run as a non-root
user.

Root users can still send any scsi command they like to a drive.

Unfortunately one comment I saw indicates that making cdrecord suid
won't help, as cdrecord deliberately drops back to the real user id
before burning the cd, for "security".  

I guess kernel hackers are working on a solution..

Subscribers to Linux Weekly News can find more info here now:
 http://lwn.net/Articles/97552/
Non-subscribers have to wait until thursday to access this article.

Cheers,

Simon

Reply to:

References:
- alternative to cdrecord?
  - From: Brian Pack <afcpack@verizon.net>
- Re: alternative to cdrecord?
  - From: Marc Wilson <msw@cox.net>
- Re: alternative to cdrecord?
  - From: Brian Pack <afcpack@verizon.net>

Prev by Date: Re: Debian Install
Next by Date: Apache2 binary mod_perl for Woody?
Previous by thread: Re: alternative to cdrecord?
Next by thread: Re: alternative to cdrecord?
Index(es):
- Date
- Thread