Hi,I don't see a problem here requiring root. Once the filter is turned off for the device, say in rc.local, and the ownership and permissions are set, there's no issue. It can be owned by root, group cdwriters, have permissions 0660, and cdrecord or other trusted programs can be setgid once the kernel stop blocking such access.
BTW: What happened to "FreeBSD User Giacomo" and his Samsung DVD writer ?
Any news to report ? A happy ending perchance ?
Bill Davidsen: [about filtering dangerous SCSI commands]
My suggestion would be to add an ioctl, like SET_SCSI_UNFILTERED, which
can only be used as root, and which would allow SCSI commands sent a
device to be persistently set unfiltered.
I understand that would be for programs like firmware
updaters, but not for the vanilla purpose of bringing
data onto an optical disc ?
Because ... if this is intended for daily usage:
I do not think that burning a disc on a desktop should
necessarily require root privileges. Let's leave it to
the sysadmin (or distro) to decide who may burn resp.
may endanger the device by malicious use of normally
harmless SCSI commands. (Like overworking the drive tray
motor ?)
After all, what is gained if one performs daily tasksNo need to do any daily tasks in a dangerous mode, access would be limited to users and programs regarded as trusted.
as a privileged user ? That only pierces the protection
against absent-minded mistakes and involuntary backdoors.
Actually i try to stay away from any kernel peculiaritiesIf this could be added it would presumably not change.
so i do not get addicted to something that might change.
A pointer to a list of forbidden commands would be welcome
thus.
Maybe cdrskin was up to now only tested on totally insecure
systems. After all i never got reports of the ominous
command filtering interfering with burning. If it prevents
any of libburn's SCSI commands from being executed then it
does this silently and does not prevent burning success.
I would like to know, which commands and cease sending them. :))I put lkml back on the recipients, I'm suggesting a new ioctl as a way around the decision to no longer have setuid/setgid actually fully functional.
libburn SCSI command list (commands in brackets are defined
but not in normal use):
spc.c: 00h, 03h, 12h, 1Eh, 55h, 5Ah,
sbc.c: 1Bh,
mmc.c: 04h, 23h, 2Ah, 35h, 43h, 46h, 4Ah, 51h, 52h, 53h, 54h, 5Bh, 5Ch, 5Dh,
A1h,(AAh),ACh, B6h, BBh,(BEh),
Have a nice day :)