Re: CD writing in future Linux (stirring up a hornets' nest) (was: Rationale for RLIMIT_MEMLOCK?)

From: Luke-Jr
Date: Thu Feb 02 2006 - 12:15:16 EST

Next message: Hugh Dickins: "Re: changing physical page"
Previous message: Alistair John Strachan: "Re: PROBLEM: kernel BUG at lib/kernel_lock.c:199!"
Next in thread: Jan Engelhardt: "Re: CD writing in future Linux (stirring up a hornets' nest) (was:Rationale for RLIMIT_MEMLOCK?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday 24 January 2006 17:42, Jan Engelhardt wrote:
> >2. find out the current state of affairs,
>
> I am currently able to properly write all sorts of CD-R/RW and DVDÂR/RW,
> DVD-DL with no problems using
> cdrecord -dev=/dev/hdb
> it _currently_ works, no matter how ugly or not this is from either JÃrg's
> or any other developer's POV - therefore it's fine from the end-user's POV.

How did you manage to burn a dual layer disc? I have been completely
unsuccessful at doing this at all. :(

> There have been reports that cdrecord does not work when setuid, but only
> when you are "truly root". Not sure where this comes from,
> (current->euid==0&&current->uid!=0 maybe?) scsi layer somewhere?

I didn't look into it, but my cdrecord seems to work fine as my normal user
(writing via cdrw group w/ perms), but not with suid-root.

> I'm fine (=I agree) with the general possibility of having it setuid,
> though.

Provided it doesn't allow burning files the real-user shouldn't be able to
access... But since cdrecord is commonly suid-root, I presume this has long
been taken into consideration.

> SUSE currently does it in A Nice Way: setfacl'ing the devices to include
> read access for currently logged-in users. (Well, if someone logs on tty1
> after you, you're screwed anyway - he could have just ejected the cd when
> he's physically at the box.)

Aren't user-groups per-session anyway? Why not simply have the login program
apply a 'localusers' group to all local sessions and set device permissions
for that group? To add to the security, perhaps there is a way to remove the
'localusers' permissions from all backgrounded processes (screen, etc) when
the user logs out?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Hugh Dickins: "Re: changing physical page"
Previous message: Alistair John Strachan: "Re: PROBLEM: kernel BUG at lib/kernel_lock.c:199!"
Next in thread: Jan Engelhardt: "Re: CD writing in future Linux (stirring up a hornets' nest) (was:Rationale for RLIMIT_MEMLOCK?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]