[paranoia] No generic SCSI device found
Wolfgang Weisselberg
weissel at netcologne.de
Sun Feb 4 03:41:23 PST 2001
Hi, Jonathan!
Trying to kill the keyboard, Jonathan Irwin (jmi25 at cam.ac.uk)
produced 1,1K in 30 lines:
> On Sat, 3 Feb 2001, Bernie Boudet wrote:
> > > If you run cdparanoia as a user, make sure the user belongs to the cdrom
> > > group and give rw permissions on /dev/sg0.
> > Yes this is the problem. I set group permissions on /dev/sg0 to rw and
> > it works now - Thanks.
> While this will work, it is quite dangerous if the sg driver can see any
> disks: access to /dev/sg* for users will allow them to read / write /
> format any SCSI device attached to the bus (although obviously if they
> only have permissions on /dev/sg0 they can only do nasty things to the first
> device).
True, and remember that you can read e.g. ext2fs and reiserfs
raw, if you know what you are doing[1]. The mtools[2] work
on a raw partition, too...
> I usually make the cdparanoia binary (and cdrecord, etc.) setuid
> to root instead,
... which'll only allow complete root access...
> and only allow root to open /dev/sg*, that reduces the
> risk.
A better way would be to make the cdparanoia, etc. binary
suid 'paranoia' and give the user paranoia access to reading
/dev/sgX, where sgX is your cdrom (or create a new group,
cdromaccess, which contains the group members for general disk
access and paranoia).
Since cdparanoia is *not* secure and not really fit for being
setuid, the worst you can get is the user having read access[3]
to the cdrom and posing as the user paranoia[4] -- which is
practically the same as if you allow all users reading from
the cdrom.
-Wolfgang
[1] After all, the specs *and* the code are legally and easily
obtainable. There's even an ext2 driver for Windows...
[2] for use with msdos-FAT or vfat diskettes and partitions.
[3] I doubt it needs *write* access to the device...
[4] and cheating with quotas and the like...
--- >8 ----
List archives: http://www.xiph.org/archives/
Paranoia homepage: http://www.xiph.org/paranoia/
To unsubscribe from this list, send a message to 'paranoia-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Paranoia
mailing list