On Sat, Aug 21, 2004 at 11:04:41AM -0400, Albert Cahalan wrote: > > On OpenBSD, members of the operator group are allowed to > > reboot the system, change tapes ... normal things that > > someone trusted to operate the system would be allowed to do. > > Letting them write to CD/DVD is very low on the scale of bad > > things they could already do, like boot into single user > > mode and mess with all kinds of stuff, and so does not > > further compromise the security of the system. There is > > virtually no way anyone could escalate their privileges by > > simply allowing them to write to a CD device. > > Sure there is. > > Write new firmware to the device that lets you lock up > the bus or tunnel SCSI commands to another device. > You could password-protect all other devices on the bus, > format disks with non-standard sector sizes, eject > boot media, and so on. > > People have been hacking firmware, mostly to remove > annoying spped restrictions and DVD restrictions, so > don't for a moment think that obscurity will save you.
Obscurity? What are you talking about? If I thought someone was going to try to overwrite the firmware on an device, they would not be part of the operator group. You apparently did not understand what I was talking about. -- <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]