Matthias Schwarzott <[EMAIL PROTECTED]> posted [EMAIL PROTECTED], excerpted below, on Wed, 05 Sep 2007 11:38:52 +0200:
> On Wednesday, 5 September 2007, Rémi Cardona wrote:
>> Maybe some of those groups could be merged (cdrom, cdrw) or dropped
>> (tape maybe?)
>>
> I guess this is ok, as for normal burning cdrom for now does grant all
> permissions.
> Only questionable thing is: Isn't a user with write permission to cdroms
> able to modify firmware ... ?

There are... or used to be anyway... additional security implications here. udev is close enough to the kernel that perhaps you know all about the below and are already considering whatever implications remain in current kernels, but if not, getting kernel and/or security involved in this may be useful.

I don't know what current status is on this, thus the suggestion to involve security/kernel, but:

2.6.8 and CD recording (LWN.net, 2004, Aug 18)
http://lwn.net/Articles/98379/

SCSI command filtering (LWN.net, 2006, July 31)
http://lwn.net/Articles/193516/

The gist of which is that under certain circumstances, users with CD/DVD write permissions may be able to scramble other SCSI devices as well. With libata SCSI emulated SATA and PATA, that's potentially any hard drive on a modern system. Shades of malware that holds your data for ransom ("Wire me $1000 and I'll email you the unlock password."), anyone?

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
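An added illustration, not part of the original post and not kernel source: a simplified C model of opcode-based SCSI command filtering, the topic of the second LWN link, showing how a writable open of a device node widens the set of commands a user can pass through. The tier flags, the small opcode subset and the `verify_command` helper are assumptions chosen for this example.

```c
/* Simplified model of a per-opcode SCSI pass-through filter with
 * read-safe and write-safe tiers. Constructed for illustration. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

enum { CMD_READ_SAFE = 0x01, CMD_WRITE_SAFE = 0x02 };

/* Standard SCSI/MMC opcodes (subset); unlisted opcodes have no flags. */
static const unsigned char cmd_type[256] = {
    [0x00] = CMD_READ_SAFE,   /* TEST UNIT READY */
    [0x12] = CMD_READ_SAFE,   /* INQUIRY */
    [0x25] = CMD_READ_SAFE,   /* READ CAPACITY(10) */
    [0x28] = CMD_READ_SAFE,   /* READ(10) */
    [0x2A] = CMD_WRITE_SAFE,  /* WRITE(10) */
    [0x55] = CMD_WRITE_SAFE,  /* MODE SELECT(10) */
    [0xA1] = CMD_WRITE_SAFE,  /* BLANK (MMC) */
    /* 0x3B WRITE BUFFER (firmware download) is deliberately unlisted. */
};

/* Returns 0 if the command may pass through, -EPERM otherwise.
 * opened_for_write: node was opened writable, which is what group
 *                   write permission on the device node allows.
 * has_rawio:        caller holds a raw-I/O privilege (root-equivalent). */
static int verify_command(unsigned char opcode, bool opened_for_write,
                          bool has_rawio)
{
    unsigned char type = cmd_type[opcode];

    if (type & CMD_READ_SAFE)                        /* any opener */
        return 0;
    if ((type & CMD_WRITE_SAFE) && opened_for_write) /* writable open */
        return 0;
    if (has_rawio)                                   /* privileged: anything */
        return 0;
    return -EPERM;                                   /* default deny */
}

int main(void)
{
    static const unsigned char probe[] = { 0x12, 0x28, 0x2A, 0xA1, 0x3B };
    for (size_t i = 0; i < sizeof probe; i++)
        printf("opcode 0x%02X  ro-open:%d  rw-open:%d  rawio:%d\n", probe[i],
               verify_command(probe[i], false, false),
               verify_command(probe[i], true, false),
               verify_command(probe[i], true, true));
    return 0;
}
```

The filter keys on the opcode and the open mode only, so the group that owns a node and the node's write bit decide which tier its members reach.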