[paranoia] No generic SCSI device found
Bill Davidsen
davidsen at tmr.com
Sun Feb 4 08:07:24 PST 2001
On Sun, 4 Feb 2001, Jonathan Irwin wrote:
> On Sat, 3 Feb 2001, Bernie Boudet wrote:
>
> > > If you run cdparanoia as a user, make sure the user belongs to the cdrom
> > > group and give rw permissions on /dev/sg0.
> >
> > Yes this is the problem. I set group permissions on /dev/sg0 to rw and
> > it works now - Thanks.
>
> While this will work, it is quite dangerous if the sg driver can see any
> disks: access to /dev/sg* for users will allow them to read / write /
> format any SCSI device attached to the bus (although obviously if they
> only have permissions on /dev/sg0 they can only do nasty things to the first
> device). I usually make the cdparanoia binary (and cdrecord, etc.) setuid
> to root instead, and only allow root to open /dev/sg*, that reduces the
> risk. I suppose it is OK to leave things as they are for a single user
> IDE-only system though.
But it isn't an IDE system, he only did it on one sg device, and it is in
a group just for that reason. Running anything as root allows someone to
take over that process and own the system, and is the most dangerous thing
you can do to open holes in your security.
His approach is by far more secure.
--
bill davidsen <davidsen at tmr.com>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.
--- >8 ----
List archives: http://www.xiph.org/archives/
Paranoia homepage: http://www.xiph.org/paranoia/
To unsubscribe from this list, send a message to 'paranoia-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Paranoia
mailing list