Matthias Andree <[email protected]> wrote:
> cdrecord simply assumes that if you don't have access to /dev/hda,
> scanning the other devices is pointless, on the assumption it were a
> security risk. How this fits into user profiles that might allow access
> to /dev/hdc, is unclear to me.
Wrong: cdrecord asumes nothing. It is the SCSI Generic transport library libscg.
Note that libscg does not offer access to a block layer device like /dev/hd*
but rather to the transport layer _below_ /dev/hd*. If you ignore this fact you
will have problems to understand the rules.
> > If you can access a _harddisk_ as a normal user, you _do have_ a security
> > problem. If you can access a cdrom as normal user, well, the opinions
> > differ here. I think you _should not either_, because it might happen that
> > you just left your presentation cd in a cdrom device in a public box. You
> > would certainly not want to have everyone read that out.
>
> That's less of a problem than sending vendor-specific commands - one
> might be "update firmware", which would allow the user to destroy the
> drive.
I am not sure whether you understood the problem here. Cdrtools need to deal
with a lot of vendor specific commands.
Jörg
--
EMail:[email protected] (home) Jörg Schilling D-13353 Berlin
[email protected] (uni)
[email protected] (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
