[EMAIL PROTECTED] wrote:
> > > > > I am looking since quite a while for the particular
> > > > > and substantial security problems which one is said
> > > > > to have if one allows w-access to a CD/DVD writer.
> > > I understand this puts my 60 Euro burner at risk
>
> > Joerg Schilling wrote:
> > THe bug in the linux kernel was to allow _any_ commands even if only
> > _read_ access was present.
>
> This is frightening in general and somewhat appeasing
> in my special problem. (By telling me that not w-perms
> was the problem which had to be tackled in a hurry.)
The Linux security bug was that a novice programmer did allow to send
SCSI commands via an fd that has been opened read only!
The adequate bug fix would have been to require opening RW again.
Jörg
--
EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin
[EMAIL PROTECTED] (uni)
[EMAIL PROTECTED] (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
