cdrecord permission problems

Bill Davidsen davidsen at tmr.com
Mon Jul 7 22:14:38 UTC 2008


Alan Cox wrote:
>> The reason setuid is needed is to allow use of vendor commands, and the 
>> command filter in the kernel doesn't allow some as non-root. Certain 
>> people in the kernel community refuse to add these commands, the author 
> 
> Actually that's untrue. We've added commands where it is safe to do so and
> we've also repeatedly said to people who wanted to customise the command
> list "send patches". Nobody has.
> 
What patches? Below you reject the idea of specifying processes I trust 
to write individual devices, any patch to add commands to the allowed 
commands table in a running system could hardly be safer, and the table 
applies to all processes and CD devices, while I propose matching g+rw 
on the device with eGID of the process at open and setting some "trust" 
flag. That allows me to trust only a single device to a single process.

>> The right answer would be to have the kernel provide a way such as group 
>> id, so I could identify devices and programs I trust with each other. 
> 
> That doesn't work. If you give a process access to a CD it can change the
> firmware which means next reboot it controls the system. Thus the only
> logical thing you can give it is pretty much "all powers"

Anyone who puts anything ahead of the disk in the boot sequence is 
asking to leave media in a drive at next boot. Stupidity, like virtue, 
is its own reward.


-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
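
The two positions in this exchange can be put side by side in a small model. This is an added illustration, not kernel code and not code from either poster: the three-entry allow-list is a constructed stand-in for the kernel's command table, and `trust_at_open` and `command_permitted` are hypothetical names. It shows the proposed open-time g+rw/eGID match, and why a handle marked trusted is effectively unrestricted.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Small subset of SCSI opcodes, enough to show the policy difference. */
enum {
    OP_INQUIRY      = 0x12,
    OP_READ_10      = 0x28,
    OP_WRITE_10     = 0x2a,
    OP_WRITE_BUFFER = 0x3b, /* can carry a firmware download */
    OP_VENDOR_FIRST = 0xc0  /* 0xc0-0xff are vendor specific */
};

/* Constructed stand-in for the global filter table: it applies to every
 * unprivileged process and every device alike. */
static const unsigned char allowed_nonroot[] = {
    OP_INQUIRY, OP_READ_10, OP_WRITE_10
};

/* The check proposed in the message, evaluated once at open time: the
 * node is a device, it is g+rw, and its group is the opener's eGID. */
bool trust_at_open(const struct stat *dev, gid_t egid)
{
    const mode_t grw = S_IRGRP | S_IWGRP;

    if (!S_ISBLK(dev->st_mode) && !S_ISCHR(dev->st_mode))
        return false;
    return (dev->st_mode & grw) == grw && dev->st_gid == egid;
}

/* Decide whether one command is passed through to the drive. */
bool command_permitted(unsigned char opcode, bool is_root, bool trusted)
{
    /* A trusted handle skips the table, so it also gets WRITE BUFFER and
     * every vendor opcode: the "all powers" point in the quoted reply. */
    if (is_root || trusted)
        return true;
    for (size_t i = 0; i < sizeof allowed_nonroot; i++)
        if (allowed_nonroot[i] == opcode)
            return true;
    return false;
}
```

In this model the group that owns the device node becomes the whole trust boundary, so membership in it has to be treated as equivalent to raw access to the drive.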



