atapicam(4) as KLD?
Daniel O'Connor
doconnor at gsoft.com.au
Fri Oct 15 19:34:53 PDT 2004
On Sat, 16 Oct 2004 07:13, Peter Jeremy wrote:
> Studying a ktrace, it seems that all it uses /dev/cd0c for it to issue
> a CAMGETPASSTHRU and then it opens /dev/passN but when that fails, it
> issues the above error message :-(. Changing the permissions on
> /dev/pass0 as well makes it work.
>
> >It sucks having to choose between features (growisofs, cdrecord, cdda2wav)
> > and security (burncd)
>
> Since you can identify the pass/xpt/cd device associated with the ATAPI
> device, it should be safe to make those devices world or group writable
> even if there are other SCSI devices on the system.
I think you need write permissions on all 3 (cd, pass, xpt) but xpt grants you
access to the entire bus so that would be bad from a security POV.
Although that said in this specific case the CD writer would be the only thing
on that bus (unless you had >1 on the same chain, but that is not a good idea
for reasons to do with IDE sucking)
Is there a way in devfs/devd to determine which pass and xpt devices are
associated with a given cd device? (my guess is you'd need to run camcontrol
and parse the output..)
--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20041016/5e231cb7/attachment.bin
More information about the freebsd-current
mailing list