* CD/DVD burn failed from non root user
@ 2004-10-12 2:23 Igor A. Valcov
2004-10-12 2:33 ` Lee Revell
2004-10-12 2:37 ` Lee Revell
0 siblings, 2 replies; 7+ messages in thread
From: Igor A. Valcov @ 2004-10-12 2:23 UTC (permalink / raw)
To: linux-kernel; +Cc: superpunk, Sergey Kondratiev, semen
[-- Attachment #1: Type: text/plain, Size: 357 bytes --]
Hi.
On kernels >= 2.6.8, several SCSI ioctls used in CD/DVD burning
programs are permitted only from root.
This patch is an ugly workaround (it removes the use of verify_command from
devices/block/scsi-ioctl.c) for this problem.
Maybe it will be useful to someone.
And in general it would be quite good to solve this problem in a
civilized way :)
--
Igor A. Valcov
[-- Attachment #2: patch-2.6.8.1-burn-fix.diff --]
[-- Type: text/plain, Size: 3266 bytes --]
diff -Naur linux-2.6.8.1/drivers/block/scsi_ioctl.c linux-2.6.8.1-suid-fix/drivers/block/scsi_ioctl.c
--- linux-2.6.8.1/drivers/block/scsi_ioctl.c 2004-08-31 23:36:33.000000000 +0400
+++ linux-2.6.8.1-suid-fix/drivers/block/scsi_ioctl.c 2004-10-12 05:44:02.390289704 +0400
@@ -105,78 +105,6 @@
return put_user(1, p);
}
-#define CMD_READ_SAFE 0x01
-#define CMD_WRITE_SAFE 0x02
-#define safe_for_read(cmd) [cmd] = CMD_READ_SAFE
-#define safe_for_write(cmd) [cmd] = CMD_WRITE_SAFE
-
-static int verify_command(struct file *file, unsigned char *cmd)
-{
- static const unsigned char cmd_type[256] = {
-
- /* Basic read-only commands */
- safe_for_read(TEST_UNIT_READY),
- safe_for_read(REQUEST_SENSE),
- safe_for_read(READ_6),
- safe_for_read(READ_10),
- safe_for_read(READ_12),
- safe_for_read(READ_16),
- safe_for_read(READ_BUFFER),
- safe_for_read(READ_LONG),
- safe_for_read(INQUIRY),
- safe_for_read(MODE_SENSE),
- safe_for_read(MODE_SENSE_10),
- safe_for_read(START_STOP),
-
- /* Audio CD commands */
- safe_for_read(GPCMD_PLAY_CD),
- safe_for_read(GPCMD_PLAY_AUDIO_10),
- safe_for_read(GPCMD_PLAY_AUDIO_MSF),
- safe_for_read(GPCMD_PLAY_AUDIO_TI),
-
- /* CD/DVD data reading */
- safe_for_read(GPCMD_READ_CD),
- safe_for_read(GPCMD_READ_CD_MSF),
- safe_for_read(GPCMD_READ_DISC_INFO),
- safe_for_read(GPCMD_READ_CDVD_CAPACITY),
- safe_for_read(GPCMD_READ_DVD_STRUCTURE),
- safe_for_read(GPCMD_READ_HEADER),
- safe_for_read(GPCMD_READ_TRACK_RZONE_INFO),
- safe_for_read(GPCMD_READ_SUBCHANNEL),
- safe_for_read(GPCMD_READ_TOC_PMA_ATIP),
- safe_for_read(GPCMD_REPORT_KEY),
- safe_for_read(GPCMD_SCAN),
-
- /* Basic writing commands */
- safe_for_write(WRITE_6),
- safe_for_write(WRITE_10),
- safe_for_write(WRITE_VERIFY),
- safe_for_write(WRITE_12),
- safe_for_write(WRITE_VERIFY_12),
- safe_for_write(WRITE_16),
- safe_for_write(WRITE_BUFFER),
- safe_for_write(WRITE_LONG),
- };
- unsigned char type = cmd_type[cmd[0]];
-
- /* Anybody who can open the device can do a read-safe command */
- if (type & CMD_READ_SAFE)
- return 0;
-
- /* Write-safe commands just require a writable open.. */
- if (type & CMD_WRITE_SAFE) {
- if (file->f_mode & FMODE_WRITE)
- return 0;
- }
-
- /* And root can do any command.. */
- if (capable(CAP_SYS_RAWIO))
- return 0;
-
- /* Otherwise fail it with an "Operation not permitted" */
- return -EPERM;
-}
-
static int sg_io(struct file *file, request_queue_t *q,
struct gendisk *bd_disk, struct sg_io_hdr *hdr)
{
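Review bot: Deleting verify_command() and its cmd_type[] table wholesale removes all three gates at once: the read-safe list, the FMODE_WRITE requirement for write-safe opcodes, and the capable(CAP_SYS_RAWIO) fallback that returned -EPERM for everything else. If burning fails because specific opcodes are missing from the table, the narrower change is to keep the function and add those opcodes as safe_for_write(...) entries, so they still require a writable open and unlisted commands still need CAP_SYS_RAWIO.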
@@ -193,8 +121,6 @@
return -EINVAL;
if (copy_from_user(cmd, hdr->cmdp, hdr->cmd_len))
return -EFAULT;
- if (verify_command(file, cmd))
- return -EPERM;
/*
* we'll do that later
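Review bot: In sg_io(), dropping "if (verify_command(file, cmd)) return -EPERM;" right after the copy_from_user() of hdr->cmdp means the command bytes supplied by the caller are accepted with no opcode or file-mode check at all. Keep the call at this point, since it is where the command just copied from user space gets validated, and widen the table instead if legitimate opcodes are being refused.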
@@ -343,10 +269,6 @@
if (copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;
- err = verify_command(file, rq->cmd);
- if (err)
- goto error;
-
switch (opcode) {
case SEND_DIAGNOSTIC:
case FORMAT_UNIT:
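Review bot: Removing "err = verify_command(file, rq->cmd);" ahead of switch (opcode) leaves SEND_DIAGNOSTIC and FORMAT_UNIT, neither of which appears in the cmd_type[] table, reachable without the CAP_SYS_RAWIO check they previously fell through to. This call site should keep the check and its "goto error" path.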
diff -Naur linux-2.6.8.1/Makefile linux-2.6.8.1-suid-fix/Makefile
--- linux-2.6.8.1/Makefile 2004-10-12 04:34:09.000000000 +0400
+++ linux-2.6.8.1-suid-fix/Makefile 2004-10-12 05:46:54.212168808 +0400
@@ -1,7 +1,7 @@
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 8
-EXTRAVERSION = .1
+EXTRAVERSION = .1-burn-fix
NAME=Zonked Quokka
# *DOCUMENTATION*
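Review bot: The EXTRAVERSION change to .1-burn-fix in the top-level Makefile is a local build tag and does not belong in the posted patch; it would also conflict with any other patch that touches EXTRAVERSION. Drop this file from the diff, and note that the tree directory is named -suid-fix while the tag says -burn-fix.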
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: CD/DVD burn failed from non root user
2004-10-12 2:23 CD/DVD burn failed from non root user Igor A. Valcov
@ 2004-10-12 2:33 ` Lee Revell
2004-10-12 21:44 ` Igor A. Valcov
2004-10-12 2:37 ` Lee Revell
1 sibling, 1 reply; 7+ messages in thread
From: Lee Revell @ 2004-10-12 2:33 UTC (permalink / raw)
To: viaprog; +Cc: linux-kernel, superpunk, Sergey Kondratiev, semen
On Mon, 2004-10-11 at 22:23, Igor A. Valcov wrote:
> And in general it would be quite good to solve this problem in a
> civilized way :)
By trolling?
Lee
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: CD/DVD burn failed from non root user
2004-10-12 2:33 ` Lee Revell
@ 2004-10-12 21:44 ` Igor A. Valcov
2004-10-12 21:59 ` Lee Revell
2004-10-12 22:02 ` Lee Revell
0 siblings, 2 replies; 7+ messages in thread
From: Igor A. Valcov @ 2004-10-12 21:44 UTC (permalink / raw)
To: Lee Revell; +Cc: linux-kernel
Lee Revell wrote:
> On Mon, 2004-10-11 at 22:23, Igor A. Valcov wrote:
>
>>And in general it would be quite good to solve this problem in a
>>civilized way :)
>
>
> By trolling?
>
>
No... this is a real problem that makes using cd/dvd recording with
linux uncomfortable... and should be fixed.
--
Igor A. Valcov
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: CD/DVD burn failed from non root user
2004-10-12 21:44 ` Igor A. Valcov
@ 2004-10-12 21:59 ` Lee Revell
2004-10-12 22:02 ` Lee Revell
1 sibling, 0 replies; 7+ messages in thread
From: Lee Revell @ 2004-10-12 21:59 UTC (permalink / raw)
To: viaprog; +Cc: linux-kernel
On Tue, 2004-10-12 at 17:44, Igor A. Valcov wrote:
> Lee Revell wrote:
> > On Mon, 2004-10-11 at 22:23, Igor A. Valcov wrote:
> >
> >>And in general it would be quite good to solve this problem in a
> >>civilized way :)
> >
> >
> > By trolling?
> >
> >
> No... this is a real problem that makes using cd/dvd recording with
> linux uncomfortable... and should be fixed.
But do you have a _solution_ that takes into account the issues raised
in the original LKML thread?
If a security hole is discovered it will be closed. Even if users are
temporarily inconvenienced. Posting a patch that just blithely reopens
the hole is not productive.
Lee
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: CD/DVD burn failed from non root user
2004-10-12 21:44 ` Igor A. Valcov
2004-10-12 21:59 ` Lee Revell
@ 2004-10-12 22:02 ` Lee Revell
1 sibling, 0 replies; 7+ messages in thread
From: Lee Revell @ 2004-10-12 22:02 UTC (permalink / raw)
To: viaprog; +Cc: linux-kernel
On Tue, 2004-10-12 at 17:44, Igor A. Valcov wrote:
> Lee Revell wrote:
> > On Mon, 2004-10-11 at 22:23, Igor A. Valcov wrote:
> >
> >>And in general it would be quite good to solve this problem in a
> >>civilized way :)
> >
> >
> > By trolling?
> >
> >
> No... this is a real problem that makes using cd/dvd recording with
> linux uncomfortable... and should be fixed.
PLEASE FIX YOUR SPAM FILTER. I am sure the rest of the list is sick of
these messages. You cannot expect people to take your concern seriously
when you bounce their mail.
Lee
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: CD/DVD burn failed from non root user
2004-10-12 2:23 CD/DVD burn failed from non root user Igor A. Valcov
2004-10-12 2:33 ` Lee Revell
@ 2004-10-12 2:37 ` Lee Revell
2004-10-12 18:04 ` Lee Revell
1 sibling, 1 reply; 7+ messages in thread
From: Lee Revell @ 2004-10-12 2:37 UTC (permalink / raw)
To: viaprog; +Cc: linux-kernel, superpunk, Sergey Kondratiev, semen
On Mon, 2004-10-11 at 22:23, Igor A. Valcov wrote:
> And in general it would be quite good to solve this problem in a
> civilized way :)
Also, this is hard to do when your mail server blocks me with "553 5.3.0
REJECT Spam not accepted". Please fix your filter, I am not running a
spamhaus here.
Lee
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: CD/DVD burn failed from non root user
2004-10-12 2:37 ` Lee Revell
@ 2004-10-12 18:04 ` Lee Revell
0 siblings, 0 replies; 7+ messages in thread
From: Lee Revell @ 2004-10-12 18:04 UTC (permalink / raw)
To: viaprog; +Cc: linux-kernel, superpunk, Sergey Kondratiev, semen
On Mon, 2004-10-11 at 22:37, Lee Revell wrote:
> On Mon, 2004-10-11 at 22:23, Igor A. Valcov wrote:
> > And in general it would be quite good to solve this problem in a
> > civilized way :)
>
> Also, this is hard to do when your mail server blocks me with "553 5.3.0
> REJECT Spam not accepted". Please fix your filter, I am not running a
> spamhaus here.
>
Here is my reply. Your spam filter is STILL bouncing my mail.
--
Are you saying DCANet is a spamhaus? That is crazy, we are an ISP with
15,000 customers, of course you have received spam from them once or
twice. All we can do when we catch a customer spamming (usually due to
a hacked machine) is terminate their access. We cannot go back in time
and un-send the spam.
I have never had anyone on LKML bounce mail from DCANet. So, the
problem is at YOUR END.
If you are accusing DCANet of being a spamhaus then please forward me
one shred of evidence that DCANet has ever spammed you.
--
Anyway, just to keep this thread from being a completely OT waste of
time, the code that your patch removes was put there for a reason. It
fixes a security hole. There was a long thread about it on LKML last
month. Posting a patch that just rips this code out is not productive.
Lee
^ permalink raw reply [flat|nested] 7+ messages in thread