From owner-freebsd-hackers  Fri Aug 16 14:21:52 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id OAA18994
          for hackers-outgoing; Fri, 16 Aug 1996 14:21:52 -0700 (PDT)
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id OAA18964
          for <hackers@FreeBSD.org>; Fri, 16 Aug 1996 14:21:46 -0700 (PDT)
Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id XAA25996; Fri, 16 Aug 1996 23:21:43 +0200
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id XAA27635; Fri, 16 Aug 1996 23:21:43 +0200
Received: (from j@localhost) by uriah.heep.sax.de (8.7.5/8.6.9) id XAA07834; Fri, 16 Aug 1996 23:17:57 +0200 (MET DST)
From: J Wunsch <j@uriah.heep.sax.de>
Message-Id: <199608162117.XAA07834@uriah.heep.sax.de>
Subject: Re: XMCD problem on FreeBSD 2.1.5
To: bwithrow@BayNetworks.com (Robert Withrow)
Date: Fri, 16 Aug 1996 23:17:57 +0200 (MET DST)
Cc: xmcd@amb.org, hackers@FreeBSD.org
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <199608161926.PAA07167@tuva.engeast.baynetworks.com> from Robert Withrow at "Aug 16, 96 03:26:04 pm"
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E 
X-Mailer: ELM [version 2.4ME+ PL17 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

As Robert Withrow wrote:

> When I run xmcd every attempt to access the cdrom yields:
> 
> CD audio: ioctl error on /dev/rwcd0c: cmd=CDIOREADTOCENTRYS errno=22

That's ``invalid argument''.  Check the arguments to the ioctl call,
or better, check the ioctl implementation in the wcd driver.

> And this is how xmcd is installed:
> 
> -rws--x--x  1 root  bin  1508034 Jul 10 05:26 /usr/X11R6/bin/xmcd

It's a potential security hole.  Since xmcd doesn't have to use raw
SCSI commands in FreeBSD, but can get at the CD-ROM device with
comfortable ioctl's, there's no need for running it setuid.  As you
can see, its suidness won't help for broken drivers either. :)

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)