On Tue, 2004-08-24 at 10:36, Brian Pack wrote:
> Haven't you heard? IIRC the kernel 2.6.8 plugged a security hole that
> cdrecord used to function. Once the hole was closed, users could no
> longer run cdrecord as they could in previous kernels. With the old
> kernel, a user could potentially wipe a drive's firmware.
> 

The emphasis is on the word "users". There are some SCSI commands that
can toast a drive; the kernel now has a blacklist of commands that
non-root users are forbidden from sending. Unfortunately, cdrecord uses
some of these commands, and hence cannot record when run as a non-root
user.

Root users can still send any SCSI command they like to a drive.

Unfortunately one comment I saw indicates that making cdrecord suid
won't help, as cdrecord deliberately drops back to the real user id
before burning the CD, for "security".

I guess kernel hackers are working on a solution...

Subscribers to Linux Weekly News can find more info here now:
 http://lwn.net/Articles/97552/
Non-subscribers have to wait until Thursday to access this article.

Cheers,

Simon

