[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-kernel
Subject:    Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices
From:       Joerg Schilling <schilling () fokus ! fraunhofer ! de>
Date:       2004-08-20 11:51:21
Message-ID: 4125E5B9.nail8LD2EG3NM () burner
[Download RAW message or body]

Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:

> You can also erase the drive firmware as a user etc. That's the problem.

This is definitely not a "hot" problem so there is absolutely no reason to 
make incompatible changes in the kernel interface _without_ discussing this
with the most important users before.

On a decently administrated Linux system, only root is able to send SCSI 
commands because only root is able to open the apropriate /dev/* entries.

cdrecord is designed to be safely installed root and cdrecord is trustworthy - 
it does not overwrite the drive's firmware.

pxupgrade is not intended to be installed suid root, but _even_ _if_ someone
does, it will not allow you to write a file that has not been verifed to be
valid firmware for the drive in question.

> As a security fix it was sufficiently important that it had to be done.

You completely missimterpret importance :-(

Conclusion: What Linux-2.6.8 implement is a bug :-(

Jörg

-- 
 EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js@cs.tu-berlin.de		(uni)  If you don't have iso-8859-1
       schilling@fokus.fraunhofer.de	(work) chars I am J"org Schilling
 URL:  http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
[prev in list] [next in list] [prev in thread] [next in thread]