| 1 |
M. Edward Borasky posted <1098606984.29939.4.camel@6-allhosts>, excerpted |
| 2 |
below, on Sun, 24 Oct 2004 01:36:25 -0700: |
| 3 |
|
| 4 |
> On Sat, 2004-10-23 at 21:36, Lindsay Haisley wrote: |
| 5 |
>> I worked around my cdda2wav problem by using the paranoia lib |
| 6 |
>> ("-paranoia" option to cdda2wav). Apparently the problem is in the |
| 7 |
>> cdda2wav's routines. |
| 8 |
>> |
| 9 |
>> |
| 10 |
> My problems are more fundamental than that. "cdrecord" isn't functioning |
| 11 |
> with 2.6.8 and 2.6.9 kernels. I just backed out "cdrecord-prodvd", since I |
| 12 |
> don't have a DVD writer, and I've dropped back to a 2.4 kernel because |
| 13 |
> "cdrecord" issues all sorts of warnings. |
| 14 |
|
| 15 |
Well, more accurately, it's functional, but there were potential security |
| 16 |
issues (like the ability of any non-root person or task to erase entire |
| 17 |
disks, just by issuing the correct SCSI command!) with some of the SCSI |
| 18 |
commands used in CD/DVD burning. Over time, each command will have to be |
| 19 |
gone over and added to a "safe" or "unsafe" list, and the kernel adjusted |
| 20 |
accordingly. However, for the time being, whole classes of necessary |
| 21 |
functions were restricted to root-only (*NOT* available from SETUID apps |
| 22 |
like cdrecord and friends often are). |
| 23 |
|
| 24 |
Thus, one may choose to remain vulnerable to this and other security |
| 25 |
problems, or one can choose to restrict burning to root for the time being. |
| 26 |
|
| 27 |
That's the stock kernel, which I BTW run. Some of the later Gentoo |
| 28 |
kernels have been patched to return to earlier insecure functionality. |
| 29 |
However, I haven't tracked which ones since I use a kernel.org kernel |
| 30 |
anyway, procuring it directly off of there, rather than using a Gentoo |
| 31 |
kernel ebuild. |
| 32 |
|
| 33 |
-- |
| 34 |
Duncan - List replies preferred. No HTML msgs. |
| 35 |
"They that can give up essential liberty to obtain a little |
| 36 |
temporary safety, deserve neither liberty nor safety." -- |
| 37 |
Benjamin Franklin |
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
-- |
| 42 |
gentoo-desktop@g.o mailing list |
Archives