Here is the error output from k3b: System ----------------------- K3b Version:0.11.17 KDE Version: 3.3.0 QT Version: 3.3.3 cdrecord ----------------------- /usr/bin/cdrecord: Warning: Running on Linux-2.6.9-gentoo /usr/bin/cdrecord: There are unsettled issues with Linux-2.5 and newer. /usr/bin/cdrecord: If you have unexpected problems, please try Linux-2.4 or Solaris. /usr/bin/cdrecord: Warning: Linux-2.6.8 introduced incompatible interface changes. /usr/bin/cdrecord: Warning: SCSI transport does no longer work for suid root programs. /usr/bin/cdrecord: Warning: if cdrecord fails, try to run it from a root account. scsidev: '/dev/ide/host0/bus1/target0/lun0/cd' devname: '/dev/ide/host0/bus1/target0/lun0/cd' scsibus: -2 target: -2 lun: -2 Warning: Open by 'devname' is unintentional and not supported. Linux sg driver version: 3.5.27 SCSI buffer size: 64512 /usr/bin/cdrecord: Cannot allocate memory. Cannot get SCSI I/O buffer. Cdrecord-Clone 2.01 (i686-pc-linux-gnu) Copyright (C) 1995-2004 J
Here is the error output from k3b: System ----------------------- K3b Version:0.11.17 KDE Version: 3.3.0 QT Version: 3.3.3 cdrecord ----------------------- /usr/bin/cdrecord: Warning: Running on Linux-2.6.9-gentoo /usr/bin/cdrecord: There are unsettled issues with Linux-2.5 and newer. /usr/bin/cdrecord: If you have unexpected problems, please try Linux-2.4 or Solaris. /usr/bin/cdrecord: Warning: Linux-2.6.8 introduced incompatible interface changes. /usr/bin/cdrecord: Warning: SCSI transport does no longer work for suid root programs. /usr/bin/cdrecord: Warning: if cdrecord fails, try to run it from a root account. scsidev: '/dev/ide/host0/bus1/target0/lun0/cd' devname: '/dev/ide/host0/bus1/target0/lun0/cd' scsibus: -2 target: -2 lun: -2 Warning: Open by 'devname' is unintentional and not supported. Linux sg driver version: 3.5.27 SCSI buffer size: 64512 /usr/bin/cdrecord: Cannot allocate memory. Cannot get SCSI I/O buffer. Cdrecord-Clone 2.01 (i686-pc-linux-gnu) Copyright (C) 1995-2004 Jörg Schilling TOC Type: 0 = CD-DA Using libscg version 'schily-0.8'. Driveropts: 'burnfree' cdrecord comand: ----------------------- /usr/bin/cdrecord -v gracetime=2 dev=/dev/ide/host0/bus1/target0/lun0/cd speed=52 -raw96r driveropts=burnfree -eject -overburn -useinfo -pad -shorttrack -audio /tmp/kde-koxta/k3b_audio_0_01.inf Reproducible: Always Steps to Reproduce: 1. Run k3b 2. Add some files to the project 3. Try to burn the CD Actual Results: cdrecord failure Expected Results: Burn the cd Portage 2.0.51 (default-x86-2004.2, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.9-gentoo i686) ================================================================= System uname: 2.6.9-gentoo i686 Intel(R) Pentium(R) 4 CPU 3.40GHz Gentoo Base System version 1.4.16 distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.3 [enabled] Autoconf: sys-devel/autoconf-2.59-r5 Automake: sys-devel/automake-1.8.5-r1 Binutils: sys-devel/binutils-2.14.90.0.8-r1 Headers: sys-kernel/linux-headers-2.4.21-r1 Libtools: sys-devel/libtool-1.5.2-r5 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-Os -march=pentium4 -pipe" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-Os -march=pentium4 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs candy ccache distlocks sandbox" GENTOO_MIRRORS="http://src.gentoo.pl" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow X aalib acpi acpi4linux alsa arts audiofile autofs avi berkdb bidi bitmap-fonts cdparanoia cdr crypt cups devfs dga divx4linux doc dvb dvd dvdr encode escreen esd f77 fbcon flac flash foomaticdb gdbm gif gimpprint gphoto2 gpm gtk gtk2 imlib ipv6 java jpeg kadu-modules kadu-voice kde libg++ libwww lirc mad md5sum mikmod mmx motif mozilla mpeg ncurses nls oggvorbis opengl oss pam pcmcia pda pdflib perl png pnp ppds python qt quicktime readline ruby samba scanner sdl slang spell sse ssl svga tcltk tcpd tiff truetype type1 usb videos vim-with-x wxwindows x86 xine xml xml2 xmms xprint xv xvid zlib linguas_pl"
scsi-emulation is removed from 2.6.9 afaik, workaround: go back to 2.6.8 Could the kernel herd verify and give some input, please? I'm still using 2.4.x and only toast a knoppix occassionally.
The logs posted don't suggest that SCSI emulation is in use - just direct ATAPI burning. Is your cdrecord suid root?
koxta@hell koxta $ ls -la `which cdrecord` -rws--x--x 1 root root 284956 wrz 14 23:04 /usr/bin/cdrecord Yup.
I don't know then, sorry. I can't test since my cdwriter is broken :(
That's again the bogus SCSI command filtering from 2.6.8. (It had been backed out in gentoo-dev-sources-2.6.8-r3). IMO this is a fundamental issue, that needs to be adressed by Gentoo. It seems, that the major kernel developers do not care. There are several choices: 1. make all trusted recording applications setuid root and change them not to drop provileges before recording 2. find some other, secure way to grant them CAP_SYS_RAWIO 3. disable command filtering and inform users about the implications (via GLSA?) 4. make the command filter adjustable Solution 1 is alot of work and might raise more security issues than it solves. Solution 2 is probably even more difficult. Solution 3 is very easy (remove two lines of kernel code), but sooner or later someone will destroy firmware on misconfigured systems. And there will be misconfigured systems... Solution 4 requires more complex patches and will be an uphill battle against the multitude of hardware, non-standard hardware, different firmware versions and different software versions. Most likely, it will never be truly secure. (Anyway, there is a patch by Peter Jones that allows configuration: http://marc.theaimsgroup.com/?l=linux-kernel&m=109535727110656&w=2 I've also created a small Python script to configure the filters; in case you are interested.) BTW: Obviously this is a kernel issue, no KDE issue.
I believe its not a kernel issue - they have decided with reason why only root should have that access (please correct me if I'm wrong, I haven't been following the full story). I think its up to the cd recording applications to work as setuid root correctly.
Also I don't see why solution 1 is a lot of work. I'd presume that applications like cdrecord have a few lines of code which drop the root priveleges if detected..it should only be a matter of removing this?
It's a kernel issue, because the kernel's behaviour WRT SCSI command changed without warning or consultation. Even Alan Cox, who demanded the filter in the first place seemed mildly suprised on the speed and (lack of) quality of the implementation. The permitted commands (in 2.6.9) are already insecure, but still not sufficient to record CDs. This filter is a pointless approach. A small summary: kernels <2.6.8: As soon as you have *read* access to a device node, you can issue *any* SCSI command. Obviously, this is insecure if untrusted users are given read access, since it allows them to overwrite a drive's firmware or initiate low-level formatting. However, this is the behaviour applications rely on. kernel 2.6.8: Only commands from a whitelist can be issued. Some are allowed when the device node is opened read-only, others require write access, the rest requires CAP_SYS_RAWIO privileges. kernel 2.6.9: The whitelist has been extended; this time even with some testing! However, the list still applies to all devices (hard-disks, tapes, CD-ROM/R/RW, DVD-ROM/+R/-R/+RW/-RW). Solution 1 is difficult, because writing and designing complex applications that are safe for setuid operation is almost impossible. Don't tell me that you want to run k3b setuid root! It has been the general security rule for years to minimize setuid-root applications and not to create new ones that are even more complex. cdrecord is designed for setuid operation, but even there a severe security vulnerabilty has been identified after years of development and review. On Linux cdrecord >2.0 only uses root privileges to lock memory and get real time priorities. On Solaris, it obviously acts different, however it's author seemed pretty pissed by this unannounced change in the kernel. I don't know, if he will adopt cdrecord any time soon. So, at the moment it is up to the distributors to find a solution. Maybe something like Solution 2 could be implemented with resmgr (http://rechner.lst.de/~okir/resmgr/) and Peter Jones' Patch.
This is not a kernel issue, but a userspace issue. I'm closing this because of this. If you want to reopen it, please reassign it to the userspace application that you are having problems with.
