On Thu, Sep 30, 2004 at 06:45:16PM +0200, Schlueri wrote: > Am Do, den 30.09.2004 schrieb Fulko.Hew@xxxxxxxxx um 18:27: > Today, after the update, i burned with k3b, works, but still only as > root. k3b doesn't find any burner as user. > > What does this mean, in detail? > --------------------------------------------------------------------- > Updated due to new kernel scsi filtering. > --------------------------------------------------------------------- The key to the details is that access to the special hardware commands that are needed to burn CDROMs also gives access to special commands that permit trashing other disks. The result is that any user that had permission to burn the cdrom also had access to the low level commands that can trash the entire system. To eliminate ANY POSSIBILITY of a trashed system the low level stuff was blocked as soon as the risk was understood. The "SCSI filtering" is a reference to code that validates specific commands as being safe or appropriate for the device. Eventually the filter will validate and pass the correct stuff in the correct limited context. I must admit that I have modified my X-roast icon to use 'sudo' tricks to make it appear simple. I did not like the idea of making is SUID. Some changes just arrived in the test world, I am about to undo the sudo thing and tinker/explore... Since the risk was so grave I think that the right thing has and is being done by all involved. Stay current and keep a couple of old bits handy to smooth the bumps. -- T o m M i t c h e l l Me, I would "Rather" Not.
