atapicam(4) as KLD?
Peter Jeremy
PeterJeremy at optushome.com.au
Fri Oct 15 14:43:22 PDT 2004
On Fri, 2004-Oct-15 20:48:35 +0930, Daniel O'Connor wrote:
>cdrecord et al talk to the writer directly via xpt and pass, so if you want to
>allow non-root users to burn CD/DVDs you need to allow them access to pass
>and xpt (which is pretty bad from a security point of view..)
It seems I got confused by an error message. The dvdauthor tools
(dvd+rw-*) use /dev/cd* and I get errors like:
server% dvd+rw-format /dev/cd0c
* DVD±RW/-RAM format utility by <appro at fy.chalmers.se>, version 4.10.
:-( unable to open("/dev/cd0c"): Permission denied
server%
Studying a ktrace, it seems that all it uses /dev/cd0c for it to issue
a CAMGETPASSTHRU and then it opens /dev/passN but when that fails, it
issues the above error message :-(. Changing the permissions on
/dev/pass0 as well makes it work.
>It sucks having to choose between features (growisofs, cdrecord, cdda2wav) and
>security (burncd)
Since you can identify the pass/xpt/cd device associated with the ATAPI
device, it should be safe to make those devices world or group writable
even if there are other SCSI devices on the system.
--
Peter Jeremy
More information about the freebsd-current
mailing list