From: Peter Jeremy
To: "Daniel O'Connor"
Cc: Chuck Swiger, freebsd-current@freebsd.org
Date: Sat, 16 Oct 2004 07:43:18 +1000
Subject: Re: atapicam(4) as KLD?
Message-ID: <20041015214318.GS83620@cirb503493.alcatel.com.au>
In-Reply-To: <200410152048.44173.doconnor@gsoft.com.au>

On Fri, 2004-Oct-15 20:48:35 +0930, Daniel O'Connor wrote:
>cdrecord et al talk to the writer directly via xpt and pass, so if you want to
>allow non-root users to burn CD/DVDs you need to allow them access to pass
>and xpt (which is pretty bad from a security point of view..)

It seems I got confused by an error message.  The dvdauthor tools
(dvd+rw-*) use /dev/cd* and I get errors like:

server% dvd+rw-format /dev/cd0c
* DVD±RW/-RAM format utility by , version 4.10.
:-( unable to open("/dev/cd0c"): Permission denied
server%

Studying a ktrace, it seems that all it uses /dev/cd0c for is to issue
a CAMGETPASSTHRU and then it opens /dev/passN but when that fails, it
issues the above error message :-(.  Changing the permissions on
/dev/pass0 as well makes it work.

>It sucks having to choose between features (growisofs, cdrecord, cdda2wav) and
>security (burncd)

Since you can identify the pass/xpt/cd device associated with the ATAPI
device, it should be safe to make those devices world or group writable
even if there are other SCSI devices on the system.

-- 
Peter Jeremy
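
The closing point of the message, that the pass/xpt/cd nodes belonging to the ATAPI drive can be identified and opened up on their own, as an added example (not part of the original mail): a shell script that reads `camcontrol devlist` output, finds the passN node paired with a given cd device, and prints devfs.conf(5) lines for just those nodes. The sample devlist text, the `operator` group and the 0660 mode are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed `camcontrol devlist` output; device names are illustrative.
sample_devlist() {
cat <<'EOF'
<EXAMPLE DISK 0001>                at scbus0 target 0 lun 0 (da0,pass0)
<EXAMPLE DVD-RW 1.00>              at scbus1 target 0 lun 0 (pass1,cd0)
EOF
}

# Read devlist text on stdin; print the passN node on the same line as $1.
pass_for() {
    want=$1
    while IFS= read -r line; do
        # Peripheral names are the comma-separated list in the final (...).
        periphs=${line##*\(}
        periphs=${periphs%\)*}
        case ",$periphs," in
            *",$want,"*) ;;
            *) continue ;;
        esac
        old_ifs=$IFS; IFS=,
        for p in $periphs; do
            case $p in
                pass[0-9]*) IFS=$old_ifs; echo "$p"; return 0 ;;
            esac
        done
        IFS=$old_ifs
    done
    return 1
}

# Emit devfs.conf(5) lines giving one group (assumed name) access to the
# drive's own nodes only. xpt0 is the single CAM transport node shared by
# all buses, so it is granted too; other passN nodes are left untouched.
devfs_conf_for() {
    dev=$1; group=$2
    pass=$(pass_for "$dev") || { echo "no pass node for $dev" >&2; return 1; }
    for node in "$dev" "$pass" xpt0; do
        printf 'own %s root:%s\nperm %s 0660\n' "$node" "$group" "$node"
    done
}

sample_devlist | devfs_conf_for cd0 operator
```

On a real system the input would come from `camcontrol devlist` and the printed lines would go into /etc/devfs.conf; the pass node for the disk (pass0 in the sample) never appears in the output.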