[paranoia] No generic SCSI device found

Wolfgang Weisselberg weissel at netcologne.de
Sun Feb 4 03:41:23 PST 2001



Hi, Jonathan!

Trying to kill the keyboard, Jonathan Irwin (jmi25 at cam.ac.uk)
produced 1,1K in 30 lines:

> On Sat, 3 Feb 2001, Bernie Boudet wrote:

> > > If you run cdparanoia as a user, make sure the user belongs to the cdrom
> > > group and give rw permissions on /dev/sg0.

> > Yes this is the problem.  I set group permissions on /dev/sg0 to rw and
> > it works now - Thanks.

> While this will work, it is quite dangerous if the sg driver can see any
> disks:  access to /dev/sg* for users will allow them to read / write /
> format any SCSI device attached to the bus (although obviously if they
> only have permissions on /dev/sg0 they can only do nasty things to the first
> device).

True, and remember that you can read e.g. ext2fs and reiserfs
raw, if you know what you are doing[1].  The mtools[2] work
on a raw partition, too...

> I usually make the cdparanoia binary (and cdrecord, etc.) setuid
> to root instead,

... which'll only allow complete root access...

> and only allow root to open /dev/sg*, that reduces the
> risk.

A better way would be to make the cdparanoia, etc. binary
suid 'paranoia' and give the user paranoia access to reading
/dev/sgX, where sgX is your cdrom (or create a new group,
cdromaccess, which contains the group members for general disk
access and paranoia).

Since cdparanoia is *not* secure and not really fit for being
setuid, the worst you can get is the user having read access[3]
to the cdrom and posing as the user paranoia[4] -- which is
practically the same as if you allow all users reading from
the cdrom.

-Wolfgang

[1] After all, the specs *and* the code are legally and easily
    obtainable.  There's even an ext2 driver for Windows...
[2] for use with msdos-FAT or vfat diskettes and partitions.
[3] I doubt it needs *write* access to the device...
[4] and cheating with quotas and the like...
