Joerg Schilling <[EMAIL PROTECTED]> writes: > [EMAIL PROTECTED] wrote: > >> > > I am looking since quite a while for the particular >> > > and substantial security problems which one is said >> > > to have if one allows w-access to a CD/DVD writer. >> > Matthias Andree wrote: >> > As far as I understand Jörg, vendor-specific commands are often involved >> > in CD writing, and if they are filtered out, CD writing may not work >> > with certain devices -- this is the central point of his criticism. >> >> I understand this puts my 60 Euro burner at risk >> if i allow w-access. (It is also at risk if i allow >> physical access with a few drops of Loctite.) > > THe bug in the linux kernel was to allow _any_ commands even if only > _read_ access was present. > > Instead of fixing this, Linus did change the interface in an incompatible way.
Your claims don't make this any truer. The interface wasn't changed at all, but the commands that were allowed were restricted. > NO, with a suid-root installation you can make cdrecord and Linux > more secure than by chmod +w /dev/* Well, someone would have to prove first that cdrecord is a) sufficiently bug-free, b) no less secure than Linux in its access control. I doubt someone has done that, since proving code correct is an enormous effort. > > Jörg > > -- > EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin > [EMAIL PROTECTED] (uni) > [EMAIL PROTECTED] (work) Blog: http://schily.blogspot.com/ > URL: http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily -- Matthias Andree
