Re: 2.6.8.1 Mis-detect CRDW as CDROM

[Frank Steiner <fsteiner-mail@bio.ifi.lmu.de>]

Marc Ballarin wrote:
> List of SCSI commands in cdrecord and k3b. Completeness and corectness are
> not guaranteed and not even likely. Not all commands are actually used,
> some are only for older hardware.
> 
> MODE_SELECT_* is not needed by cdrecord and fails gracefully as Kai
> Makisara suspected. k3b seems broken, as it doesn't recognize devices as
> writers if MODE_SELECT_10 fails (even when opening the device read-only).
> 
> Commands prepended by "->" are (probably) not mentioned in kernel include
> files.
> 
> Now all that is left to do is determining which commands are safe and
> fixing apps that only open devices read-only ;-)

So what's the target in this process? Should users finally be able to
write cds again without or only with suid bit set? It would be good to
know if I should try to set all cd writing applications suid or just
have to wait for some patches coming up that would allow users to
write cds without suid again...

If the programs must be set suid, is that safe? In the past I was
always told that setting e.g. cdrecord suid was a possible security issue.
But I really don't understand enough of the new security model in the
kernel to judge if that's right or wrong...

Can someone enlighten me? :-)

cu,
Frank
-- 
Dipl.-Inform. Frank Steiner   Web:  http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik    Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17           Phone: +49 89 2180-4049
80333 Muenchen, Germany       Fax:   +49 89 2180-99-4049