Re: cdrecord and newer Linux kernels

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Nov 16, 2005 at 12:39:03PM +0900, Horms wrote:
>In article <20051111000913.GU4682@xxxxxxxxxx> you wrote:
>> 
>> That does make it rather difficult to have any safe CD/DVD writing
>> software - do you think it's a good idea to have end users run apps as
>> root to burn CDs? I've read too much of the cdrecord source to be
>> happy running that as root! :-) My thought is that it might be better
>> to allow specific commands on specific drives, and let the local admin
>> configure that for themselves...
>> 
>
>The whole problem is that some IOCTLS are not safe. And there is no
>definitive list of IOCTLs, so safe ones are added as they are known. And
>the others are disabled.  If you have discovered ioctls which are indeed
>safe, then they should be added to the whitelist.
>
>As for allowing root to have a mechanism to allow users to access
>arbitary (unsafe) ioctls, that sounds like a can of worms to me.
>I have CCed the SCSI maintainers for comment.
>
>For their reference, your original post and patch, allong with
>the rest of this thread is at:
>
>http://lists.debian.org/debian-kernel/2005/11/msg00748.html

Again, I understand why the checks were added to the kernel. Adding
access controls to limit the damage that could be caused by non-root
users is entirely a good plan!

The reason I'm looking into this is that there are some commands that
may be dangerous on some devices but on others harmless / useful /
required (even); several years of writing SCSI-based storage
management software has show me that. :-) Allowing a mechanism for an
admin to override the in-kernel policy on a per-device, per-command
basis could allow us to safely allow non-root CD/DVD burning, I hope.

-- 
Steve McIntyre, Cambridge, UK.                                steve@xxxxxxxxxx
Google-bait:
  Debian does NOT ship free CDs. Please do NOT contact the mailing
  lists asking us to send them to you.

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux