Date: Sat, 17 Aug 1996 17:50:19 -0700 (PDT) From: xmcd@bazooka.amb.org (Xmcd Admin) To: eischen@vigrid.com (Daniel Eischen) Cc: bwithrow@BayNetworks.com, joerg_wunsch@uriah.heep.sax.de, hackers@FreeBSD.org, xmcd@bazooka.amb.org Subject: Re: XMCD problem on FreeBSD 2.1.5 Message-ID: <9608180050.AA20324@bazooka.amb.org> In-Reply-To: <9608171152.AA29949@pcnet1.pcnet.com> from "Daniel Eischen" at Aug 17, 96 07:52:03 am
next in thread | previous in thread | raw e-mail | index | archive | help
Daniel Eischen writes: > J Wunsch wrote: > > As Robert Withrow wrote: > > > > > When I run xmcd every attempt to access the cdrom yields: > > > > > > CD audio: ioctl error on /dev/rwcd0c: cmd=CDIOREADTOCENTRYS errno=22 > > > > That's ``invalid argument''. Check the arguments to the ioctl call, > > or better, check the ioctl implementation in the wcd driver. > > > > > And this is how xmcd is installed: > > > > > > -rws--x--x 1 root bin 1508034 Jul 10 05:26 /usr/X11R6/bin/xmcd > > > > It's a potential security hole. Since xmcd doesn't have to use raw > > SCSI commands in FreeBSD, but can get at the CD-ROM device with > > comfortable ioctl's, there's no need for running it setuid. As you > > can see, its suidness won't help for broken drivers either. :) > > Maybe we should change the port to use the ioctl method instead > of the SCSI pass-thru method? > > Then we can install it without setuid... Xmcd should be quite secure even when the setuid root. I have made sure of it. People usually have uncomfortable reactions when dealing with a setuid program, and I can understand that, but xmcd will revert the uid back to the original user before accessing any files or running any commands. There is a discussion of this in the xmcd README file. Also, since xmcd sources are freely available, you can examine it and see if you can find any potential security holes. I'd be happy to hear any suggestions. While xmcd does support using the CD-audio ioctls under FreeBSD, if you have a SCSI CD-ROM drive you lose a couple of features when running in that mode. Namely, the SCSI pass-through method gives you channel routing and caddy lock/unlock capabilities. You are correct, though, that xmcd does not need to be setuid root if running in the ioctl method. I don't have an explanation for the EINVAL error from the CDIOREADTOCENTRYS ioctl. I don't currently have a FreeBSD system to play with, but Robert Withrow is apparently running in the ioctl method and presumably using a non-SCSI CD-ROM drive. I am not familiar with the wcd driver but if you have the source code you can check the wcdioctl() routine to see why it is choking on the CDIOREADTOCENTRYS ioctl... -Ti -- \\ // XMCD - Motif CD player / CDA - Command line CD player \\/ Ti Kan / AMB Research Laboratories //\ E-mail: xmcd@amb.org // \\ URL: http://sunsite.unc.edu/~cddb/xmcd/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9608180050.AA20324>