Hi,

> > I wrote:
> > I am looking since quite a while for the particular
> > and substantial security problems which one is said
> > to have if one allows w-access to a CD/DVD writer.
>
> Matthias Andree wrote:
> As far as I understand Jörg, vendor-specific commands are often involved
> in CD writing, and if they are filtered out, CD writing may not work
> with certain devices -- this is the central point of his criticism.

I understand this puts my 60 Euro burner at risk if I allow w-access.
(It is also at risk if I allow physical access with a few drops of Loctite.)

> > Is system security in general threatened by the extreme example
> >   chmod a+rw /dev/hdc   (resp. /dev/sg0 with 2.4 ide-scsi)
>
> That depends if users can obtain device nodes or setuid privileges by
> mounting media from this drive.

Uhum. Valuable keywords to learn from. Thanks.
(Also a confirmation that I am not really fit for a foolproof setuid/sudo
program, yet.)

The setuid privileges demand w-rights? I mean, that is an interesting sneak,
but isn't it rather related to mount -o user,exec,suid ?
man 8 mount: option nosuid warns of suidperl(1).
(Who installed that crap on my computer? Not setuid, but it is there.
Off with it!)

Device nodes ... uh oh ... do you mean this:
a mknod, a chmod with lax permissions, burned to CD, CD mounted,
  cat /dev/zero > /cdrom/my_dev_hda_backdoor
Is this possible? Looks much like a mount problem too.
(mount -o dev ... but I must learn more. Ay caramba.)

> Judging from the system security, setuid/sudo is always dangerous;
> injecting ANY code into cdrecord would allow every user a root shell.

w-permission to setuid-cdrecord should be restricted to root, of course.
For years I have trusted Joerg's ability to defend that setuid situation.
Whether the trust is really justified or not, cdrecord never did any evil
things to me. So for now, it's ok.

> > [nice opportunity of own text recycling:]
> > I have to amend that I am experienced but not in the sense
> > as Joerg or kernel programmers. I know my limits and am not
> > 100% sure whether I could make a program that is setuid-safe.
>
> That depends on the overall setup. If the setuid program does some
> privileged operations and can then drop all of its privileges by means
> of setuid() early, it's not very difficult.

I will have to talk to the libburn people about the appropriate moment to
drop privileges. The longer the time window, the more uncomfortable I would
feel.

Thanks for the advice. Have a nice day :)

Thomas
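The "do the privileged operation, then drop with setuid() early" pattern Matthias describes, as an added example that is not code from this thread nor from cdrecord or libburn. The helper opens the writer's device node while still effective root, then permanently drops to the invoking user's real uid/gid and verifies the drop before anything else runs. The device path is an assumption (it falls back to /dev/null so the program can be tried as an ordinary user); to exercise the real pattern the binary would be installed setuid root and pointed at the burner's node.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* setgroups/setreuid/setregid prototypes on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example, not the thread's or any project's own code.
 * The only privileged step is one open(); root is gone right after it. */

/* Verify a permanent drop: real, effective (and hence saved) ids must all be
 * the invoking user's, and, unless that user is root, an attempt to become
 * root again must fail.  setuid(0) succeeding here would mean the saved uid
 * was still 0, i.e. the drop was only temporary. */
int privileges_dropped(uid_t real_uid, gid_t real_gid)
{
    if (getuid() != real_uid || geteuid() != real_uid)
        return 0;
    if (getgid() != real_gid || getegid() != real_gid)
        return 0;
    if (real_uid != 0 && setuid(0) != -1)
        return 0;
    return 1;
}

/* Drop from effective root to the real uid/gid, permanently.
 * Order matters: supplementary groups first, then gid, then uid, because
 * once the uid is no longer 0 the group changes would fail with EPERM.
 * setregid/setreuid with both arguments equal also overwrite the saved id,
 * so the process cannot switch back later.  Returns 0 on success, -1 on
 * failure with errno set. */
int drop_privileges_permanently(uid_t real_uid, gid_t real_gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)   /* root only */
        return -1;
    if (setregid(real_gid, real_gid) != 0)
        return -1;
    if (setreuid(real_uid, real_uid) != 0)
        return -1;
    if (!privileges_dropped(real_uid, real_gid)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* The whole privileged window of the helper: open the device node while
 * still root, then drop.  Returns the open descriptor, or -1 with errno set.
 * O_NONBLOCK avoids blocking on a drive with no medium loaded. */
int open_device_then_drop(const char *device_path)
{
    uid_t real_uid = getuid();
    gid_t real_gid = getgid();

    int fd = open(device_path, O_RDWR | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (drop_privileges_permanently(real_uid, real_gid) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/null"; /* assumed device path */
    int fd = open_device_then_drop(path);
    if (fd < 0) {
        fprintf(stderr, "%s: %s\n", path, strerror(errno));
        return 1;
    }
    printf("opened %s as fd %d; now uid=%u euid=%u gid=%u egid=%u\n",
           path, fd, (unsigned)getuid(), (unsigned)geteuid(),
           (unsigned)getgid(), (unsigned)getegid());
    /* Every command to the drive from here on goes through fd without root. */
    close(fd);
    return 0;
}
```

Two caveats a practitioner would check before adopting this for a burning tool. First, the drop must be verified, not assumed: a setuid() that leaves the saved uid at 0 can be undone by the unprivileged code that follows, which is why the example tries setuid(0) after dropping and treats success as failure. Second, the open descriptor is not the whole story on Linux: the kernel's SCSI command filter lets an unprivileged process send only an allowlist of commands through an open fd (more of them when the fd is open for writing), and anything outside that list still needs CAP_SYS_RAWIO at the time of the ioctl. Dropping root right after open() therefore trades exactly the vendor-specific commands Matthias mentions for a shorter privileged window, which is the question to settle with the libburn people.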

