Date: Sat, 17 Aug 96 07:52:03 EDT From: eischen@vigrid.com (Daniel Eischen) To: bwithrow@BayNetworks.com, joerg_wunsch@uriah.heep.sax.de Cc: hackers@FreeBSD.org, xmcd@amb.org Subject: Re: XMCD problem on FreeBSD 2.1.5 Message-ID: <9608171152.AA29949@pcnet1.pcnet.com>
next in thread | raw e-mail | index | archive | help
J Wunsch wrote: > As Robert Withrow wrote: > > > When I run xmcd every attempt to access the cdrom yields: > > > > CD audio: ioctl error on /dev/rwcd0c: cmd=CDIOREADTOCENTRYS errno=22 > > That's ``invalid argument''. Check the arguments to the ioctl call, > or better, check the ioctl implementation in the wcd driver. > > > And this is how xmcd is installed: > > > > -rws--x--x 1 root bin 1508034 Jul 10 05:26 /usr/X11R6/bin/xmcd > > It's a potential security hole. Since xmcd doesn't have to use raw > SCSI commands in FreeBSD, but can get at the CD-ROM device with > comfortable ioctl's, there's no need for running it setuid. As you > can see, its suidness won't help for broken drivers either. :) Maybe we should change the port to use the ioctl method instead of the SCSI pass-thru method? Then we can install it without setuid... Dan Eischen eischen@pcnet.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9608171152.AA29949>