| 1 |
On Sat, 28 Jan 2012 03:07:45 +0200 |
| 2 |
Samuli Suominen <ssuominen@g.o> wrote: |
| 3 |
|
| 4 |
> On 01/28/2012 02:41 AM, Mike Frysinger wrote: |
| 5 |
> > On Friday 27 January 2012 19:18:07 Samuli Suominen wrote: |
| 6 |
> >> On 01/28/2012 02:14 AM, Mike Frysinger wrote: |
| 7 |
> >>> along these lines, why is cdrtools set*id ? if we have a "cdrom" |
| 8 |
> >>> group, and we assign our cdroms/dvdroms to that group, then we |
| 9 |
> >>> already have access control in place and can skip the set*id. |
| 10 |
> >> |
| 11 |
> >> cdrtools can't probe the drives without the binary being setuid, |
| 12 |
> >> or the user belonging to the 'disk' group (and even that is not |
| 13 |
> >> enough in some cases if the permissions vary) |
| 14 |
> > |
| 15 |
> > the drives are owned by the "cdrom" group and have group +rw. so |
| 16 |
> > if the user is in the "cdrom" group, why can't they probe the |
| 17 |
> > drives ? |
| 18 |
> > |
| 19 |
> > "disk" owns the non-removable hard drives. |
| 20 |
> > |
| 21 |
> > $ ls -l /dev/sr0 /dev/sg0 /dev/sg6 |
| 22 |
> > crw-rw---- 1 root disk 21, 0 Jan 6 23:07 /dev/sg0 |
| 23 |
> > crw-rw---- 1 root cdrom 21, 6 Jan 6 23:07 /dev/sg6 |
| 24 |
> > brw-rw---- 1 root cdrom 11, 0 Jan 17 22:28 /dev/sr0 |
| 25 |
> > -mike |
| 26 |
> |
| 27 |
> i dont know why, but it does probe also non-removable disks... it |
| 28 |
> probes per bus, iirc |
| 29 |
> |
| 30 |
> you can try it easily yourself: |
| 31 |
> |
| 32 |
> ssuominen@null ~ $ cdrecord -scanbus |
| 33 |
|
| 34 |
Does user actually need to be able to do this? Doesn't passing dev=... |
| 35 |
directly work? |
| 36 |
|
| 37 |
-- |
| 38 |
Best regards, |
| 39 |
Michał Górny |
Archives