Re: Bug#274860: Acknowledgement (kernel-image-2.6.8-1-686: CDROM_SEND_PACKET ioctls only work as root)
From: Luke Kenneth Casson Leighton (lkcl_at_lkcl.net)
Date: 10/04/04
- Previous message: Jens Axboe: "Re: [bug] 2.6.8: CDROM_SEND_PACKET ioctls failing as non-root on ide scsi drives"
- Next in thread: Jens Axboe: "Re: Bug#274860: Acknowledgement (kernel-image-2.6.8-1-686: CDROM_SEND_PACKET ioctls only work as root)"
- Reply: Jens Axboe: "Re: Bug#274860: Acknowledgement (kernel-image-2.6.8-1-686: CDROM_SEND_PACKET ioctls only work as root)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 4 Oct 2004 14:53:26 +0100 To: 274860@bugs.debian.org
found it.
it's a new piece of kernel code verify_command in
drivers/block/scsi_ioctl.c, which checks for the capability
CAP_SYS_RAWIO.
ah, dammit.
for k3b to work, you'd have to install it setuid root, call
getcap(), remove all but the necessary capabilities (i.e. don't
remove CAP_SYS_RAWIO), do a setfsuid() and setfsgid() and do
a setcap().
fuse (file system in userspace) uses this technique for allowing
mount and unmount but nothing else
[which doesn't work on 2.6.8 btw: the getcap() fails, but i did notice
that debian doesn't install fusermount as setuid to root which is half
the problem...]
l.
On Mon, Oct 04, 2004 at 02:10:14PM +0100, Luke Kenneth Casson Leighton wrote:
> additional info:
>
> kernel 2.6.8. ioctl ("/dev/hdc", CDROM_SEND_PACKET, cmd)
>
> commands that are failing as non-root, even when permission is granted
> rwxrwxrwx to /dev/hdc, are, according to some debug info added to k3b:
>
> GET CONFIGURATION (46)
> error code: 0
> sense key: NO SENSE (2)
> asc: 0
> ascq: 0
>
> and:
>
> MODE SELECT (55)
> error code: 0
> sense key: NO SENSE (2)
> asc: 0
> ascq: 0
>
> the result is that k3b cannot determine that the drive exists, therefore
> it cannot use it even though cdrecord might actually work.
>
>
> as root, the following errors occur:
>
> MODE SELECT (46)
> errorcode: 70
> sense key: ILLEGAL REQUEST (5)
> asc: 26
> ascq: 0
>
> READ DVD STRUCTURE (ad)
> errorcode: 70
> sense key: NOT READY (2)
> asc: 3a
> ascq: 0
>
> presumably it can be concluded that the GET CONFIGURATION ioctl command
> is the one at fault.
>
> ... what gives?
>
> l.
>
> --
> --
> Truth, honesty and respect are rare commodities that all spring from
> the same well: Love. If you love yourself and everyone and everything
> around you, funnily and coincidentally enough, life gets a lot better.
> --
> lkcl.net <br />
> <a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />
>
> --
> --
> Truth, honesty and respect are rare commodities that all spring from
> the same well: Love. If you love yourself and everyone and everything
> around you, funnily and coincidentally enough, life gets a lot better.
> --
> lkcl.net <br />
> <a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />
>
-- -- Truth, honesty and respect are rare commodities that all spring from the same well: Love. If you love yourself and everyone and everything around you, funnily and coincidentally enough, life gets a lot better. -- <a href="http://lkcl.net"> lkcl.net </a> <br /> <a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br /> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- Previous message: Jens Axboe: "Re: [bug] 2.6.8: CDROM_SEND_PACKET ioctls failing as non-root on ide scsi drives"
- Next in thread: Jens Axboe: "Re: Bug#274860: Acknowledgement (kernel-image-2.6.8-1-686: CDROM_SEND_PACKET ioctls only work as root)"
- Reply: Jens Axboe: "Re: Bug#274860: Acknowledgement (kernel-image-2.6.8-1-686: CDROM_SEND_PACKET ioctls only work as root)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
