>From: Lourens Veen <[EMAIL PROTECTED]>
>> >scsidev: '0,0,0'
>> >scsibus: 0 target: 0 lun: 0
>> >Linux sg driver version: 3.1.24
>> >/usr/bin/cdrecord: Warning: using inofficial libscg transport
>> > code version =3D ([EMAIL PROTECTED]
>> > '@(#)scsi-linux-sg.c=3D091.75=3D 02/10/21 Copyright 1997 J.
>> > Schilling').
>> >Cdrecord 2.0 (i686-suse-linux) Copyright (C) 1995-2002 J=3DF6rg
>> > Schilling TOC Type: 1 =3D3D CD-ROM
>> >Using libscg version 'schily-0.7'
>> >atapi: 1
>>
>> You are using an illegal version of cdrecord.
>>
>> This version is not working corrrectly because it has been
>> modified by SuSE.
>>
>> (see GPL =A7 2 subclause c) and GPL Preamble, subsection 6)
>Before I submit a report to SuSE about this, it seems that it's=20
>libscg that they patched, not cdrecord itself, correct? If they use=20
>the original cdrecord with a modified libscg (presumably to match=20
>their modified kernel) and libscg doesn't normall print anything=20
>(because it's a library) then technically this is still legal.
1) libscg normally prints messages and there are special notes
on what to do when somebody changes code.
The changes made by SuSE on libscg are creating the hint above.
The problem is that these changes are a nice idea but a security
problem because they use a daemon to open the driver files and this
deamon checks rights based on /dev/sg* names which is highly
instable on Linux.
2) They _also_ did modify the cdrecord source and the effect was
to remove warnings that cdrecord prints when you don't run it
as root (as required) but run it as "normal user".
If cdrecord runs as non root user, there is a high risk for
buffer undderuns.
As you see, what SuSE did is to remove important warnings without
telling the user that the modified version may not work correctly because
of the modifications.
The real cdrecord _does_ warn people and request them to run cdrecord as root.
J�rg
EMail:[EMAIL PROTECTED] (home) J�rg Schilling D-13353 Berlin
[EMAIL PROTECTED] (uni) If you don't have iso-8859-1
[EMAIL PROTECTED] (work) chars I am J"org Schilling
URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
