[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-kernel
Subject: Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices
From: Joerg Schilling <schilling () fokus ! fraunhofer ! de>
Date: 2004-08-20 11:51:21
Message-ID: 4125E5B9.nail8LD2EG3NM () burner
[Download RAW message or body]
Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:
> You can also erase the drive firmware as a user etc. That's the problem.
This is definitely not a "hot" problem so there is absolutely no reason to
make incompatible changes in the kernel interface _without_ discussing this
with the most important users before.
On a decently administrated Linux system, only root is able to send SCSI
commands because only root is able to open the apropriate /dev/* entries.
cdrecord is designed to be safely installed root and cdrecord is trustworthy -
it does not overwrite the drive's firmware.
pxupgrade is not intended to be installed suid root, but _even_ _if_ someone
does, it will not allow you to write a file that has not been verifed to be
valid firmware for the drive in question.
> As a security fix it was sufficiently important that it had to be done.
You completely missimterpret importance :-(
Conclusion: What Linux-2.6.8 implement is a bug :-(
Jörg
--
EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js@cs.tu-berlin.de (uni) If you don't have iso-8859-1
schilling@fokus.fraunhofer.de (work) chars I am J"org Schilling
URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic