Date:      Sat, 16 Oct 2004 07:43:18 +1000
From:      Peter Jeremy <PeterJeremy@optushome.com.au>
To:        "Daniel O'Connor" <doconnor@gsoft.com.au>
Cc:        freebsd-current@freebsd.org
Subject:   Re: atapicam(4) as KLD?
Message-ID:  <20041015214318.GS83620@cirb503493.alcatel.com.au>
In-Reply-To: <200410152048.44173.doconnor@gsoft.com.au>
References:  <20041013205141.GA874@galgenberg.net> <416EE19D.50400@mac.com> <20041015100633.GA45863@cirb503493.alcatel.com.au> <200410152048.44173.doconnor@gsoft.com.au>

On Fri, 2004-Oct-15 20:48:35 +0930, Daniel O'Connor wrote:
>cdrecord et al talk to the writer directly via xpt and pass, so if you want to
>allow non-root users to burn CD/DVDs you need to allow them access to pass 
>and xpt (which is pretty bad from a security point of view..)

It seems I got confused by an error message.  The dvdauthor tools
(dvd+rw-*) use /dev/cd* and I get errors like:

server% dvd+rw-format /dev/cd0c 
* DVD±RW/-RAM format utility by <appro@fy.chalmers.se>, version 4.10.
:-( unable to open("/dev/cd0c"): Permission denied
server% 

Studying a ktrace, it seems that all it uses /dev/cd0c for is to issue
a CAMGETPASSTHRU and then it opens /dev/passN but when that fails, it
issues the above error message :-(.  Changing the permissions on
/dev/pass0 as well makes it work.

>It sucks having to choose between features (growisofs, cdrecord, cdda2wav) and
>security (burncd)

Since you can identify the pass/xpt/cd device associated with the ATAPI
device, it should be safe to make those devices world or group writable
even if there are other SCSI devices on the system.

-- 
Peter Jeremy
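
Added example, not part of the original message and not code from the FreeBSD project: a sketch of the approach described above, which reads `camcontrol devlist` output, finds the passN node paired with each cdN, and emits devfs.conf(5) entries for only those nodes. The function name, the `operator` group, the 0660 mode and the sample listing are assumptions; xpt0 is not handled.

```shell
#!/bin/sh
# Constructed sample of `camcontrol devlist` output (not from a real host).
SAMPLE_DEVLIST='<SEAGATE ST39173W 5958>          at scbus0 target 0 lun 0 (pass0,da0)
<PIONEER DVD-RW DVR-107D 1.10>   at scbus1 target 0 lun 0 (pass1,cd0)
<QUANTUM ATLAS 0707>             at scbus0 target 1 lun 0 (da1,pass2)'

# cd_devfs_conf GROUP   (hypothetical helper name)
# Reads a devlist on stdin and prints devfs.conf "own"/"perm" lines for each
# cdN and the passN that shares its peripheral list. Disks are skipped, so
# their pass devices stay root-only.
cd_devfs_conf() {
    group=${1:-operator}    # assumed group for users allowed to burn
    awk -v grp="$group" '
    {
        # The peripheral list is the final "(...)" on the line.
        if (!match($0, /\([^()]*\)[ \t]*$/)) next
        list = substr($0, RSTART + 1)
        sub(/\).*$/, "", list)
        n = split(list, dev, ",")

        # Only act on entries that include a cd peripheral.
        is_cd = 0
        for (i = 1; i <= n; i++)
            if (dev[i] ~ /^cd[0-9]+$/) is_cd = 1
        if (!is_cd) next

        for (i = 1; i <= n; i++) {
            # Ignore anything that is not a plain cdN or passN name.
            if (dev[i] !~ /^(cd|pass)[0-9]+$/) continue
            printf "own\t%s\troot:%s\n", dev[i], grp
            printf "perm\t%s\t0660\n", dev[i]
        }
    }'
}

# Demonstration on the constructed sample. On a live system the input would
# come from: camcontrol devlist
printf '%s\n' "$SAMPLE_DEVLIST" | cd_devfs_conf operator
```

Review the generated lines before adding them to /etc/devfs.conf, since pass unit numbers can change when devices are added or removed.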


