Joerg Schilling wrote: > Dale <[EMAIL PROTECTED]> wrote: > > >>> In Autumn 2004 this bug was not fixed but the SCSI Linux kernel interface >>> was changed in an incompatible way. Now _some_ SCSI commands work as >>> non-root. >>> >>> SCSI is a try and error protocol and cdrecord checks which commands are >>> working. >>> If it is possible to burn with the limuted non-root command set, it _may_ >>> work >>> but there is a high risk for buffer underruns. In this case cdrecord >>> believes >>> that you own a really dumb burner that does not support most of the nice >>> features.... >>> >>> Jörg >>> > > >> So that I have a better understanding of this, if he is not a member of >> the cd/cdrw group then the command would still work as a user? >> > > Since the original security bug hass not been fxed, you are able so send > a limit set of SCSI commands if you are able to open the device read-only. > Libscg opens the devices read/write, so the only effect of such a grup > membership is that cdrecord is able to open the device. > > Jörg > >
Then what is the point of having a cd/cdrw group? It doesn't seem to have "secured" much of anything by having it. Dale aka confused. It's ok. It's normal for me. :-) :-)
