Matthias Schwarzott <zzam@g.o> posted
200709051138.53143.zzam@g.o, excerpted below, on Wed, 05 Sep 2007
11:38:52 +0200:

> On Wednesday, 5 September 2007, Rémi Cardona wrote:
>> Maybe some of those groups could be merged (cdrom, cdrw) or dropped
>> (tape maybe?)
>>
> I guess this is ok, as for normal burning cdrom for now does grant all
> permissions.
> Only questionable thing is: Isn't a user with write permission to cdroms
> able to modify firmware ... ?

There are... or used to be anyway... additional security implications
here. udev is close enough to the kernel that perhaps you know all about
the below and are already considering whatever implications remain in
current kernels, but if not, getting kernel and/or security involved in
this may be useful. I don't know what current status is on this, thus
the suggestion to involve security/kernel, but:

2.6.8 and CD recording (LWN.net, 2004, Aug 18)
http://lwn.net/Articles/98379/

SCSI command filtering (LWN.net, 2006, July 31)
http://lwn.net/Articles/193516/

The gist of which is that under certain circumstances, users with CD/DVD
write permissions may be able to scramble other SCSI devices as well.
With libata SCSI emulated SATA and PATA, that's potentially any hard
drive on a modern system. Shades of malware that holds your data for
ransom ("Wire me $1000 and I'll email you the unlock password."), anyone?

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman

--
gentoo-dev@g.o mailing list
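
An added example, not part of the original message or of udev: a shell audit of the permission question the thread raises, flagging device nodes that the optical-media groups can write to other than optical drives. The group list, function names and sample lines are assumptions constructed for illustration.

```sh
# Added example (not from the thread): flag device nodes that an
# optical-media group can write to, beyond optical drives themselves.
# Input: one "<path> <group> <octal-mode>" line per node, as printed by
#   stat -c '%n %G %a' /dev/sr* /dev/sg* /dev/sd* /dev/st*
MEDIA_GROUPS="cdrom cdrw"   # assumption: the groups named in the thread

is_media_group() {
    case " $MEDIA_GROUPS " in *" $1 "*) return 0 ;; esac
    return 1
}

audit_nodes() {
    while read -r path group mode; do
        [ -n "$path" ] || continue
        case "$path" in
            /dev/sr*|/dev/scd*) class=optical ;;
            /dev/sg*)           class=generic ;;  # may front any SCSI device
            /dev/sd*|/dev/hd*)  class=disk ;;
            /dev/st*|/dev/nst*) class=tape ;;
            *)                  class=other ;;
        esac
        group_w=$(( (0$mode >> 3) & 2 ))   # group write bit of the octal mode
        other_w=$(( 0$mode & 2 ))          # world write bit
        if [ "$other_w" -ne 0 ]; then
            echo "WORLD-WRITABLE $path ($class)"
        elif [ "$group_w" -ne 0 ] && is_media_group "$group"; then
            case "$class" in
                optical) ;;  # expected: burning needs write access
                generic) echo "REVIEW $path: sg node writable by $group" ;;
                *)       echo "UNEXPECTED $path ($class) writable by $group" ;;
            esac
        fi
    done
}

# Constructed sample, not output captured from a real system.
sample_nodes() {
    cat <<'EOF'
/dev/sr0 cdrom 660
/dev/sg0 disk 660
/dev/sg1 cdrom 660
/dev/sdb cdrw 660
/dev/sg2 root 666
EOF
}

sample_nodes | audit_nodes
```

On a live system, pipe the `stat` command from the header comment into `audit_nodes` instead of the sample; a REVIEW line means the sg node still has to be matched to its underlying device by hand.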