1 |
M. Edward Borasky posted <1098606984.29939.4.camel@6-allhosts>, excerpted |
2 |
below, on Sun, 24 Oct 2004 01:36:25 -0700: |
3 |
|
4 |
> On Sat, 2004-10-23 at 21:36, Lindsay Haisley wrote: |
5 |
>> I worked around my cdda2wav problem by using the paranoia lib |
6 |
>> ("-paranoia" option to cdda2wav). Apparently the problem is in the |
7 |
>> cdda2wav's routines. |
8 |
>> |
9 |
>> |
10 |
> My problems are more fundamental than that. "cdrecord" isn't functioning |
11 |
> with 2.6.8 and 2.6.9 kernels. I just backed out "cdrecord-prodvd", since I |
12 |
> don't have a DVD writer, and I've dropped back to a 2.4 kernel because |
13 |
> "cdrecord" issues all sorts of warnings. |
14 |
|
15 |
Well, more accurately, it's functional, but there were potential security |
16 |
issues (like the ability of any non-root person or task to erase entire |
17 |
disks, just by issuing the correct SCSI command!) with some of the SCSI |
18 |
commands used in CD/DVD burning. Over time, each command will have to be |
19 |
gone over and added to a "safe" or "unsafe" list, and the kernel adjusted |
20 |
accordingly. However, for the time being, whole classes of necessary |
21 |
functions were restricted to root-only (*NOT* available from SETUID apps |
22 |
like cdrecord and friends often are). |
23 |
|
24 |
Thus, one may choose to remain vulnerable to this and other security |
25 |
problems, or one can choose to restrict burning to root for the time being. |
26 |
|
27 |
That's the stock kernel, which I BTW run. Some of the later Gentoo |
28 |
kernels have been patched to return to earlier insecure functionality. |
29 |
However, I haven't tracked which ones since I use a kernel.org kernel |
30 |
anyway, procuring it directly off of there, rather than using a Gentoo |
31 |
kernel ebuild. |
32 |
|
33 |
-- |
34 |
Duncan - List replies preferred. No HTML msgs. |
35 |
"They that can give up essential liberty to obtain a little |
36 |
temporary safety, deserve neither liberty nor safety." -- |
37 |
Benjamin Franklin |
38 |
|
39 |
|
40 |
|
41 |
-- |
42 |
gentoo-desktop@g.o mailing list |