Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices

[Joerg Schilling]

Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:

> On Gwe, 2004-08-20 at 15:11, Joerg Schilling wrote:
> > Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:
> > 
> > > > On a decently administrated Linux system, only root is able to send SCSI 
> > > > commands because only root is able to open the apropriate /dev/* entries.
> > >
> > > Wrong (as usual)
> > 
> > Useless as usual :-(
>
> Unlike you I spend some of my time looking at large real world Linux
> installations.

So you just like to tell us that you have no clue?

If the owners and permissions of the filesystem have been set up correctly,
then there is no security problem. 

As there is no problem in the kernel, why change the kernel?

The modification only breaks compatibility and causes trusted applications
like cdrtools to fail if installed suid root.

The change _only_ affects programs that open the /dev/ nodes with euid root
and later revert to a different user id. 

Programs that do not run with euid root cannot open the /dev/ nodes if owner
and permissions have been set up correctly.

Jörg

-- 
 EMail:joerg@xxxxxxxxxxxxxxxxxxxxxxxxxxx (home) Jörg Schilling D-13353 Berlin
       js@xxxxxxxxxxxxxxx		(uni)  If you don't have iso-8859-1
       schilling@xxxxxxxxxxxxxxxxxxx	(work) chars I am J"org Schilling
 URL:  http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/