Latest versions of cdrecord, xcdroast, k3b can't burn my CDs

Nifty Hat Mitch mitch48 at sbcglobal.net
Thu Sep 30 23:29:43 UTC 2004


On Thu, Sep 30, 2004 at 06:45:16PM +0200, Schlueri wrote:
> On Thu, 30.09.2004, at 18:27, Fulko.Hew at sita.aero wrote:

> Today, after the update, I burned with k3b, works, but still only as
> root. k3b doesn't find any burner as user.
> 
> What does this mean, in detail?
> ---------------------------------------------------------------------
> Updated due to new kernel scsi filtering.
> ---------------------------------------------------------------------

The key to the details is that access to the special hardware commands
that are needed to burn CDROMs also gives access to special commands
that permit trashing other disks.

The result is that any user that had permission to burn the cdrom also
had access to the low level commands that can trash the entire system.

To eliminate ANY POSSIBILITY of a trashed system the low level
stuff was blocked as soon as the risk was understood.

The "SCSI filtering" is a reference to code that validates
specific commands as being safe or appropriate for the device.
Eventually the filter will validate and pass the correct
stuff in the correct limited context.

I must admit that I have modified my X-roast icon to use 'sudo' tricks
to make it appear simple.  I did not like the idea of making it SUID.

Some changes just arrived in the test world, I am about to undo the
sudo thing and tinker/explore...

Since the risk was so grave I think that the right thing
has been and is being done by all involved.  Stay current and
keep a couple of old bits handy to smooth the bumps.



-- 
	T o m  M i t c h e l l 
	Me, I would "Rather" Not.
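
The kind of command validation described in the message above, sketched as an added example; it is not part of the original post and not the kernel's own code. The opcode table is a constructed, partial allowlist and the function name command_allowed is hypothetical; it shows why a burn can work as root while an ordinary user is refused until the commands are listed for the right context.

```c
/* Added illustration of a default-deny SCSI command filter. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum access { DENY = 0, READ_OK = 1, WRITE_OK = 2 };

/* Constructed, partial allowlist indexed by the CDB opcode byte.
 * Every opcode not named here stays DENY (zero-initialised). */
static const uint8_t allow[256] = {
    [0x00] = READ_OK,   /* TEST UNIT READY */
    [0x12] = READ_OK,   /* INQUIRY */
    [0x25] = READ_OK,   /* READ CAPACITY(10) */
    [0x28] = READ_OK,   /* READ(10) */
    [0x43] = READ_OK,   /* READ TOC/PMA/ATIP */
    [0x2A] = WRITE_OK,  /* WRITE(10) */
    [0x35] = WRITE_OK,  /* SYNCHRONIZE CACHE(10) */
    [0x55] = WRITE_OK,  /* MODE SELECT(10) */
    [0x5B] = WRITE_OK,  /* CLOSE TRACK/SESSION */
    [0xA1] = WRITE_OK,  /* BLANK */
};

/* Decide whether one command may be passed through to the device.
 * opened_for_write: the caller opened the device node read-write.
 * privileged: the caller is root (assumption: root bypasses the filter). */
bool command_allowed(uint8_t opcode, bool opened_for_write, bool privileged)
{
    if (privileged)
        return true;
    switch (allow[opcode]) {
    case READ_OK:  return true;              /* harmless in any context */
    case WRITE_OK: return opened_for_write;  /* needs write access to the node */
    default:       return false;             /* unlisted: refuse */
    }
}

int main(void)
{
    /* 0xC0 is a vendor-specific opcode, used here as an unlisted command. */
    const uint8_t ops[] = { 0x12, 0x2A, 0xA1, 0xC0 };
    for (size_t i = 0; i < sizeof ops; i++)
        printf("0x%02X  user-ro:%d  user-rw:%d  root:%d\n", ops[i],
               command_allowed(ops[i], false, false),
               command_allowed(ops[i], true, false),
               command_allowed(ops[i], false, true));
    return 0;
}
```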



