CD/DVD burn failed from non root user

From: Igor A. Valcov
Date: Mon Oct 11 2004 - 21:24:54 EST


Hi.

On kernels >= 2.6.8, several SCSI ioctls used by CD/DVD burning programs are permitted only for root.
This patch is an ugly workaround for this problem: it removes the use of verify_command from drivers/block/scsi_ioctl.c.

Maybe it will be useful to someone.

And in general it would be quite good to solve this problem in a civilized way :)

--
Igor A. Valcov
diff -Naur linux-2.6.8.1/drivers/block/scsi_ioctl.c linux-2.6.8.1-suid-fix/drivers/block/scsi_ioctl.c
--- linux-2.6.8.1/drivers/block/scsi_ioctl.c 2004-08-31 23:36:33.000000000 +0400
+++ linux-2.6.8.1-suid-fix/drivers/block/scsi_ioctl.c 2004-10-12 05:44:02.390289704 +0400
@@ -105,78 +105,6 @@
return put_user(1, p);
}

-#define CMD_READ_SAFE 0x01
-#define CMD_WRITE_SAFE 0x02
-#define safe_for_read(cmd) [cmd] = CMD_READ_SAFE
-#define safe_for_write(cmd) [cmd] = CMD_WRITE_SAFE
-
-static int verify_command(struct file *file, unsigned char *cmd)
-{
- static const unsigned char cmd_type[256] = {
-
- /* Basic read-only commands */
- safe_for_read(TEST_UNIT_READY),
- safe_for_read(REQUEST_SENSE),
- safe_for_read(READ_6),
- safe_for_read(READ_10),
- safe_for_read(READ_12),
- safe_for_read(READ_16),
- safe_for_read(READ_BUFFER),
- safe_for_read(READ_LONG),
- safe_for_read(INQUIRY),
- safe_for_read(MODE_SENSE),
- safe_for_read(MODE_SENSE_10),
- safe_for_read(START_STOP),
-
- /* Audio CD commands */
- safe_for_read(GPCMD_PLAY_CD),
- safe_for_read(GPCMD_PLAY_AUDIO_10),
- safe_for_read(GPCMD_PLAY_AUDIO_MSF),
- safe_for_read(GPCMD_PLAY_AUDIO_TI),
-
- /* CD/DVD data reading */
- safe_for_read(GPCMD_READ_CD),
- safe_for_read(GPCMD_READ_CD_MSF),
- safe_for_read(GPCMD_READ_DISC_INFO),
- safe_for_read(GPCMD_READ_CDVD_CAPACITY),
- safe_for_read(GPCMD_READ_DVD_STRUCTURE),
- safe_for_read(GPCMD_READ_HEADER),
- safe_for_read(GPCMD_READ_TRACK_RZONE_INFO),
- safe_for_read(GPCMD_READ_SUBCHANNEL),
- safe_for_read(GPCMD_READ_TOC_PMA_ATIP),
- safe_for_read(GPCMD_REPORT_KEY),
- safe_for_read(GPCMD_SCAN),
-
- /* Basic writing commands */
- safe_for_write(WRITE_6),
- safe_for_write(WRITE_10),
- safe_for_write(WRITE_VERIFY),
- safe_for_write(WRITE_12),
- safe_for_write(WRITE_VERIFY_12),
- safe_for_write(WRITE_16),
- safe_for_write(WRITE_BUFFER),
- safe_for_write(WRITE_LONG),
- };
- unsigned char type = cmd_type[cmd[0]];
-
- /* Anybody who can open the device can do a read-safe command */
- if (type & CMD_READ_SAFE)
- return 0;
-
- /* Write-safe commands just require a writable open.. */
- if (type & CMD_WRITE_SAFE) {
- if (file->f_mode & FMODE_WRITE)
- return 0;
- }
-
- /* And root can do any command.. */
- if (capable(CAP_SYS_RAWIO))
- return 0;
-
- /* Otherwise fail it with an "Operation not permitted" */
- return -EPERM;
-}
-
static int sg_io(struct file *file, request_queue_t *q,
struct gendisk *bd_disk, struct sg_io_hdr *hdr)
{
@@ -193,8 +121,6 @@
return -EINVAL;
if (copy_from_user(cmd, hdr->cmdp, hdr->cmd_len))
return -EFAULT;
- if (verify_command(file, cmd))
- return -EPERM;

/*
* we'll do that later
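Review bot: With the `verify_command()` call dropped here, `sg_io()` forwards the CDB it has just copied with `copy_from_user(cmd, hdr->cmdp, hdr->cmd_len)` without any opcode or privilege check, so any process that can open the device, even read-only, can send it any SCSI command; the third hunk (the `sic->data` path) has the same gap. The deleted function required `FMODE_WRITE` for the write-safe opcodes and `CAP_SYS_RAWIO` for everything not in its table, and that boundary is lost, presumably for every device that uses these ioctls and not only for burners. A narrower fix is to keep `verify_command()` and extend its table with the opcodes the burning programs need, for example `safe_for_write(GPCMD_BLANK),` and `safe_for_write(GPCMD_CLOSE_TRACK),`; the exact list should be confirmed against what those tools issue. The body of `sg_io()` continues outside this hunk.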
@@ -343,10 +269,6 @@
if (copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;

- err = verify_command(file, rq->cmd);
- if (err)
- goto error;
-
switch (opcode) {
case SEND_DIAGNOSTIC:
case FORMAT_UNIT:
diff -Naur linux-2.6.8.1/Makefile linux-2.6.8.1-suid-fix/Makefile
--- linux-2.6.8.1/Makefile 2004-10-12 04:34:09.000000000 +0400
+++ linux-2.6.8.1-suid-fix/Makefile 2004-10-12 05:46:54.212168808 +0400
@@ -1,7 +1,7 @@
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 8
-EXTRAVERSION = .1
+EXTRAVERSION = .1-burn-fix
NAME=Zonked Quokka

# *DOCUMENTATION*