k3b will not work as user with 2.6.8.1

tpowa · 2004-08-16 08:27:18

i build the new kernel 2.6.8.1 with the old PKGBUILD from 2.6.7 and config
--> k3b will stop working with 2.6.7 all is fine

see bug entry here:
http://bugs.archlinux.org/?do=details&id=1256

EDIT:
Burning as root does work only user is affected

dp · 2004-08-16 10:25:23

http://kerneltrap.org/node/view/3644

tpowa · 2004-08-16 11:08:02

cdrecord is setuid :-(
i don't change the permissions of it
it's a kernel bug or k3b bug
i've read on bugs.kde.org that 2.6.8rc4 doesn't have this problem ...
strange thing

dp · 2004-08-16 12:46:23

http://www.k3b.org/ -> news:

Do not use Kernel 2.6.8
A patch that was introduced into the kernel shortly before the 2.6.8 release makes K3b and also the dvd+rw-tools unusable on Linux (unless run as root but that is not recommended). The very important GET CONFIGURATION MMC command is rejected by the kernel for reasons I cannot see and writing commands like MODE SELECT also fail (K3b cannot detect CD writers without it) even when the device is opened O_RDWR. Until this issue has been solved I strongly recommend to stick to kernel version 2.6.7.

sarah31 · 2004-08-16 20:53:23

why would you file a bug about a this? it is silly to ask the package maintainers to take care of bugs that don't officially exist yet , as in the 2.6.8 kernel is not an official package so the bug is not a bug. it is a k3b development issue not an arch one.

dp · 2004-08-16 22:01:23

sarah31 wrote:

why would you file a bug about a this? it is silly to ask the package maintainers to take care of bugs that don't officially exist yet , as in the 2.6.8 kernel is not an official package so the bug is not a bug. it is a k3b development issue not an arch one.

can't agree more :-)

... and besides, i think, it's a 2.6.8.1 issue and not k3b

k3b works perfect with the 2.6.7XXXX and the problem came up from 2.6.8-rc4->2.6.8 and stayed in 2.6.8.1

tpowa · 2004-08-17 06:04:32

i simply wanted to warn the users
i think it's better to warn until a lot of users will have trouble
i think most people use k3b to burn cds if they do not use the command line
i flagged out the kernel package 3 days ago and don't know when judd release it so i tested it if it's true and posted this bug
bye

tpowa · 2004-08-17 07:54:39

the new mm1 kernel contains the bug too

delmonico · 2004-08-17 11:38:31

Solution for 2.6.8: http://marc.theaimsgroup.com/?l=linux-k … 604538&w=2
quick'n'dirty hack

tpowa · 2004-08-17 12:11:46

> This patch restores the behaviour of previous kernels, security issues included:

Like allowing any user to erase your drive firmware. What you could do
which is much more useful is printk the command byte that gets refused
and see if you can pin down what commands are being blocked that
are needed by K3B

Alan Cox

tpowa · 2004-08-17 12:13:53

From K3b Homepage:

Update: The kernel guys are currently fixing the problem so the next kernel release should work again.

dp · 2004-08-17 13:15:59

i find it great that we are warned - great job for all the provided infos

but please close the bug against k3b with "not a bug", because
1) the 2.6.8.1 is not yet a pkg
2) it's the kernel and not k3b that causes trouble

sarah31 · 2004-08-17 15:21:24

oh and just to be a jerk .... [lecture] you should not be able to burn as user anyway. it is a security risk. that is what sudo is for[/lecture]

dp · 2004-08-17 15:33:02

sarah31 wrote:

oh and just to be a jerk .... [lecture] you should not be able to burn as user anyway. it is a security risk. that is what sudo is for[/lecture]

do you burn cds under macOSx as root?

if using a frontend (k3b) it should be able to be run as user and work

writing to hdd is also possible as user :-)

colnago · 2004-08-17 16:09:18

sarah31, I have long wondered what the security problems were in allowing users to burn cds. Do they apply to usb devices too? As dp says, the hdd is a removable storage medium too, only the eject is by turning a screwdriver instead of pushing a button.

I will go look for myself.

OK, so it is the setuid to root that is the risk. For example, here is from the gcombust page:

How do I allow running gcombust as non-root?
This discussion might be Linux centric. If it doesn't apply for your favorite OS, send an addition, meaningless OS-war complaints will be ignored.
gcombust shouldn't be ran as root (running it as root won't make you self-combust, but it's nevertheless a good idea to minimize root usage).
There are two reasons for running cdrecord with root priviligies; 1) real time priority and 2) locking the buffers (so they can't get swapped out). cdrecord can be run without root privligies, but it increases the chance of a buffer underrun. cdrecord also needs read/write access to the cdr-device (for making multisession cd:s mkisofs also needs read access to the device). Please understand that making cdrecord suid root is a security risk.

sarah31 · 2004-08-17 18:48:59

dp wrote:

sarah31 wrote:
oh and just to be a jerk .... [lecture] you should not be able to burn as user anyway. it is a security risk. that is what sudo is for[/lecture]
do you burn cds under macOSx as root?

yes and no. when i am burnming an audio cd from files in itunes no. all other cases yes.

if using a frontend (k3b) it should be able to be run as user and work
writing to hdd is also possible as user :-)

sure most people want to burn as user and i can undderstand that but that does not change the fact that it is insecure. with you apps set to burn as user any schmoe wandering into your room while your computer is on can burn whatever they like including dotfiles, config files and other files that may hold you secrets of life the universe and everything.

like i say i was just being an ass. i don't care what people do. hell when I burn DVDs in linux growisofs is running as user.

dp · 2004-08-17 20:17:36

sarah31 wrote:

sure most people want to burn as user and i can undderstand that but that does not change the fact that it is insecure. with you apps set to burn as user any schmoe wandering into your room while your computer is on can burn whatever they like including dotfiles, config files and other files that may hold you secrets of life the universe and everything.

i don't really have secrets as such (maybe some ideas for some cool projects in molecular biology, but you must at least be student in biology to understand them)

for some reason, a user has also a password - you can lock the screen and rude people (people who do not ask before wanting to use a computer that does not belong to them) will have some difficulties accessing your "secrets"

on the other hand - if the "bad person" comes with an usb-stick, it can be mounted also as user (at least i have rw,users in the fstab for external drives) and the trouble is there

actually, it's a fundamental question: the old "unix-style" is to be paranoic: floppies, extenal drives and everything to be able to export data is limited to root

linux, at least i think, is more "open"... it's not that paranoic and at least on the normal users computer you allow external drives to be used by users --- on the other hand, if someone can run a browser and have a webmail account, this person can export any data it has access to; so you must forbid browsers to users to be "secure"

aCoder · 2004-08-17 21:20:02

but please close the bug against k3b with "not a bug", because
1) the 2.6.8.1 is not yet a pkg

It is now!

dp · 2004-08-17 22:03:00

aCoder wrote:

but please close the bug against k3b with "not a bug", because
1) the 2.6.8.1 is not yet a pkg
It is now!

ok, now the bug has an excuse (but it should be against the kernel and not k3b, because the kernel must be patched)

when i'm creating the kernel26mm, i will patch it to be usable to burn as user (let users burn!!! ;-) )

Comete · 2004-08-26 18:11:10

hi !

i've updated my kernel with the last package release (2.6.8.1-3) on which the patch is applied but it doesn't work either. K3B doesn't detect my IDE DVD burning drive as a user. But it works well as root.
cdrecord, cdrdao and dvdrecord are all set SUID.

Any idea ?

Comete

frobelhof · 2004-10-02 19:59:32

Hi all,

To add some confusion I present the following:

On Desktop, "up to date" with kernel 2.6.8.1 and latest "pacman -Suy" I can burn CD's as any user. There are a cd and DVD burner in the system. On my laptop however, with a self compiled kernel 2.6.8.1 it will not work.

Now that I am typing this, it occurs to me that I got the kernel source from www.kernel.org. Is the arch-kernel patched perhaps? Where would I obtain the patched arch kernel source?

dp · 2004-10-02 23:50:04

frobelhof wrote:

Hi all,
To add some confusion I present the following:
On Desktop, "up to date" with kernel 2.6.8.1 and latest "pacman -Suy" I can burn CD's as any user. There are a cd and DVD burner in the system. On my laptop however, with a self compiled kernel 2.6.8.1 it will not work.
Now that I am typing this, it occurs to me that I got the kernel source from www.kernel.org. Is the arch-kernel patched perhaps? Where would I obtain the patched arch kernel source?

yes, the 2.6.8.1 kernels in arch are patched to behave like a 2.6.7

with patch as separate file: (kernel26)
http://cvs.archlinux.org/cgi-bin/viewcv … ag=CURRENT

or sed in PKGBUILD: (kernel26mm)
http://cvs.archlinux.org/cgi-bin/viewcv … ag=CURRENT

frobelhof · 2004-10-03 08:21:34

dp wrote:

yes, the 2.6.8.1 kernels in arch are patched to behave like a 2.6.7
with patch as separate file: (kernel26)
http://cvs.archlinux.org/cgi-bin/viewcv … ag=CURRENT
or sed in PKGBUILD: (kernel26mm)
http://cvs.archlinux.org/cgi-bin/viewcv … ag=CURRENT

Yeah I found something about this just after I posted, What it comes down to basically (at least what I did) is erase line 196-198 from /usr/src/linux/drivers/block/scsi_ioctl.c and recompile the kernel.

At least this worked for me. (I am not a regular patcher and did not know how to apply one so I figured this would come down to the same. )

dp · 2004-10-03 08:59:16

frobelhof wrote:

dp wrote:
yes, the 2.6.8.1 kernels in arch are patched to behave like a 2.6.7
with patch as separate file: (kernel26)
http://cvs.archlinux.org/cgi-bin/viewcv … ag=CURRENT
or sed in PKGBUILD: (kernel26mm)
http://cvs.archlinux.org/cgi-bin/viewcv … ag=CURRENT
Yeah I found something about this just after I posted, What it comes down to basically (at least what I did) is erase line 196-198 from /usr/src/linux/drivers/block/scsi_ioctl.c and recompile the kernel.
At least this worked for me. (I am not a regular patcher and did not know how to apply one so I figured this would come down to the same. )

exactly! this lines would allow only root to "send" some commands to the cd-rw drive

Arch Linux

#1 2004-08-16 08:27:18

k3b will not work as user with 2.6.8.1

#2 2004-08-16 10:25:23

Re: k3b will not work as user with 2.6.8.1

#3 2004-08-16 11:08:02

Re: k3b will not work as user with 2.6.8.1

#4 2004-08-16 12:46:23

Re: k3b will not work as user with 2.6.8.1

#5 2004-08-16 20:53:23

Re: k3b will not work as user with 2.6.8.1

#6 2004-08-16 22:01:23

Re: k3b will not work as user with 2.6.8.1

#7 2004-08-17 06:04:32

Re: k3b will not work as user with 2.6.8.1

#8 2004-08-17 07:54:39

Re: k3b will not work as user with 2.6.8.1

#9 2004-08-17 11:38:31

Re: k3b will not work as user with 2.6.8.1

#10 2004-08-17 12:11:46

Re: k3b will not work as user with 2.6.8.1

#11 2004-08-17 12:13:53

Re: k3b will not work as user with 2.6.8.1

#12 2004-08-17 13:15:59

Re: k3b will not work as user with 2.6.8.1

#13 2004-08-17 15:21:24

Re: k3b will not work as user with 2.6.8.1

#14 2004-08-17 15:33:02

Re: k3b will not work as user with 2.6.8.1

#15 2004-08-17 16:09:18

Re: k3b will not work as user with 2.6.8.1

#16 2004-08-17 18:48:59

Re: k3b will not work as user with 2.6.8.1

#17 2004-08-17 20:17:36

Re: k3b will not work as user with 2.6.8.1

#18 2004-08-17 21:20:02

Re: k3b will not work as user with 2.6.8.1

#19 2004-08-17 22:03:00

Re: k3b will not work as user with 2.6.8.1

#20 2004-08-26 18:11:10

Re: k3b will not work as user with 2.6.8.1

#21 2004-10-02 19:59:32

Re: k3b will not work as user with 2.6.8.1

#22 2004-10-02 23:50:04

Re: k3b will not work as user with 2.6.8.1

#23 2004-10-03 08:21:34

Re: k3b will not work as user with 2.6.8.1

#24 2004-10-03 08:59:16

Re: k3b will not work as user with 2.6.8.1

Board footer