Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices
From: David Greaves
Date: Sat Aug 21 2004 - 01:59:21 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kyle Moffett wrote:
|
| Security issue:
| Anybody with read access to certain block devices (Like CD-RW
~ ^^^^
| drives.) could reflash the firmware or otherwise turn the drive into a
| rather expensive doorstop.
|
| Chosen solution for 2.6.8.1:
| Only allow certain known-safe commands, anything else needs
| root privileges, specifically CAP_SYS_RAWIO or CAP_SYS_ADMIN,
~ ^^^^^^^^
| (Seems sane, and follows with the general design of the rest of the
| kernel).
Can someone explain why it isn't anyone with _write_ access to the device?
Surely it's better to drop a user into a group or setgid a program?
If I have write access to a device then I can wipe it's media anyway.
Is there something I'm missing?
| Personally, I'd rather have a setuid executable on my system than
| allow anybody in the cdwriters group to reflash my CDROM drive.
OK, you keep the users out of the group and make the progaram setgid
cdwriters.
Then if someone makes a mess of the set[gu]id code you lose your
cdwriter (which would be gone anyway) and not your whole system.
Why force the program to escalate to root?
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBJvJ78LvjTle4P1gRAgFSAJ92lFbuqHqibMlotNi0jXln10SrhgCePBlS
a4xebwkvjNxVV7L9eoLB7cI=
=bswe
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/