https://bugzilla.novell.com/show_bug.cgi?id=550021
https://bugzilla.novell.com/show_bug.cgi?id=550021#c29
--- Comment #29 from Jörg Schilling 2012-11-26 17:35:06 UTC ---
libscg is a generic SCSI transport library that has existed since August 1986.
It is the oldest known generic SCSI interface that allows sending _any_
SCSI command to _any_ type of SCSI device.
Thinking in terms of "CD devices" at this level is a mistake.
Cdrecord and other programs (like e.g. sformat) call libscg to find devices
with matching properties for the specifics of the upper layer program.
sformat looks for different devices than cdrecord, but using the same
low level code in libscg.
Even cdrecord looks for more than just devices that the Linux kernel
knows to be "CD type devices".
Libscg also needs to map SCSI type addresses to the non-orthogonal
driver interface set on Linux that even provides more than one single
driver per device. libscg decides which of the available and usable devices
is the best for the operation based on heuristics.
On Solaris, the privileges PRIV_FILE_DAC_READ and PRIV_SYS_DEVICES are needed
to open and use the needed devices to send all needed SCSI commands to all
devices of interest. For Linux SG_IO, PRIV_FILE_DAC_WRITE would also be needed.
"Nothing of this seems relevant to cdrecord." is wrong here, the right
set of privileges on Linux would be the set that allows "cdrecord -scanbus"
to list _all_ SCSI devices - even those that people would not call
CD type devices. In addition, the permission to send _any_ kind of SCSI
command to an open fd is needed.... cdrecord sends a lot of vendor unique
SCSI commands that only cdrecord can identify as "safe for this device".
The Linux kernel is far too dumb to do this and the fact that the Linux
kernel uses a SCSI command filter list requires cdrecord to be able
to tell the Linux kernel to ignore this filter list.
BTW: On Solaris, the program "truss" lists the missing privileges in
case of failing syscalls, e.g.:
    open64("/dev/rdsk/c0d0p0", O_RDONLY) Err#13 EACCES [file_dac_read]
On Linux, there is a port from a truss clone called "strace" (strace was
written for SunOS in 1988). I am not sure whether there is a similar feature on
Linux.
But the main problem is still: Linux is missing a user interface that
would allow gaining specific privileges without becoming root. So
discussing the list of privileges only seems to be of theoretical interest.