1 |
Dale <rdalek1967@×××××.com> wrote: |
2 |
|
3 |
> > In Autumn 2004 this bug was not fixed but the SCSI Linux kernel interface |
4 |
> > was changed in an incompatible way. Now _some_ SCSI commands work as non-root. |
5 |
> > |
6 |
> > SCSI is a try and error protocol and cdrecord checks which commands are working. |
7 |
> > If it is possible to burn with the limuted non-root command set, it _may_ work |
8 |
> > but there is a high risk for buffer underruns. In this case cdrecord believes |
9 |
> > that you own a really dumb burner that does not support most of the nice |
10 |
> > features.... |
11 |
> > |
12 |
> > Jörg |
13 |
|
14 |
> So that I have a better understanding of this, if he is not a member of |
15 |
> the cd/cdrw group then the command would still work as a user? |
16 |
|
17 |
Since the original security bug hass not been fxed, you are able so send |
18 |
a limit set of SCSI commands if you are able to open the device read-only. |
19 |
Libscg opens the devices read/write, so the only effect of such a grup |
20 |
membership is that cdrecord is able to open the device. |
21 |
|
22 |
Jörg |
23 |
|
24 |
-- |
25 |
EMail:joerg@××××××××××××××××××××××××.de (home) Jörg Schilling D-13353 Berlin |
26 |
js@××××××××××××.de (uni) |
27 |
schilling@××××××××××××××××.de (work) Blog: http://schily.blogspot.com/ |
28 |
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily |