Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 68380 - K3b refuses to burn after upgrading kernel to 2.6.9
Summary: K3b refuses to burn after upgrading kernel to 2.6.9
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: x86 Linux
: High normal
Assignee: Gentoo KDE team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-10-21 05:05 UTC by Jurek Bartuszek (RETIRED)
Modified: 2004-10-23 23:06 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jurek Bartuszek (RETIRED) gentoo-dev 2004-10-21 05:05:25 UTC
Here is the error output from k3b:

System
-----------------------
K3b Version:0.11.17 
KDE Version: 3.3.0
QT Version: 3.3.3

cdrecord
-----------------------
/usr/bin/cdrecord: Warning: Running on Linux-2.6.9-gentoo
/usr/bin/cdrecord: There are unsettled issues with Linux-2.5 and newer.
/usr/bin/cdrecord: If you have unexpected problems, please try Linux-2.4 or Solaris.
/usr/bin/cdrecord: Warning: Linux-2.6.8 introduced incompatible interface changes.
/usr/bin/cdrecord: Warning: SCSI transport does no longer work for suid root programs.
/usr/bin/cdrecord: Warning: if cdrecord fails, try to run it from a root account.
scsidev: '/dev/ide/host0/bus1/target0/lun0/cd'
devname: '/dev/ide/host0/bus1/target0/lun0/cd'
scsibus: -2 target: -2 lun: -2
Warning: Open by 'devname' is unintentional and not supported.
Linux sg driver version: 3.5.27
SCSI buffer size: 64512
/usr/bin/cdrecord: Cannot allocate memory. Cannot get SCSI I/O buffer.
Cdrecord-Clone 2.01 (i686-pc-linux-gnu) Copyright (C) 1995-2004 J
Comment 1 Jurek Bartuszek (RETIRED) gentoo-dev 2004-10-21 05:05:25 UTC
Here is the error output from k3b:

System
-----------------------
K3b Version:0.11.17 
KDE Version: 3.3.0
QT Version: 3.3.3

cdrecord
-----------------------
/usr/bin/cdrecord: Warning: Running on Linux-2.6.9-gentoo
/usr/bin/cdrecord: There are unsettled issues with Linux-2.5 and newer.
/usr/bin/cdrecord: If you have unexpected problems, please try Linux-2.4 or Solaris.
/usr/bin/cdrecord: Warning: Linux-2.6.8 introduced incompatible interface changes.
/usr/bin/cdrecord: Warning: SCSI transport does no longer work for suid root programs.
/usr/bin/cdrecord: Warning: if cdrecord fails, try to run it from a root account.
scsidev: '/dev/ide/host0/bus1/target0/lun0/cd'
devname: '/dev/ide/host0/bus1/target0/lun0/cd'
scsibus: -2 target: -2 lun: -2
Warning: Open by 'devname' is unintentional and not supported.
Linux sg driver version: 3.5.27
SCSI buffer size: 64512
/usr/bin/cdrecord: Cannot allocate memory. Cannot get SCSI I/O buffer.
Cdrecord-Clone 2.01 (i686-pc-linux-gnu) Copyright (C) 1995-2004 Jörg Schilling
TOC Type: 0 = CD-DA
Using libscg version 'schily-0.8'.
Driveropts: 'burnfree'

cdrecord comand:
-----------------------
/usr/bin/cdrecord -v gracetime=2 dev=/dev/ide/host0/bus1/target0/lun0/cd speed=52 -raw96r driveropts=burnfree -eject -overburn -useinfo -pad -shorttrack -audio /tmp/kde-koxta/k3b_audio_0_01.inf 

Reproducible: Always
Steps to Reproduce:
1. Run k3b
2. Add some files to the project
3. Try to burn the CD

Actual Results:  
cdrecord failure

Expected Results:  
Burn the cd

Portage 2.0.51 (default-x86-2004.2, gcc-3.3.4, glibc-2.3.4.20040808-r1,
2.6.9-gentoo i686)
=================================================================
System uname: 2.6.9-gentoo i686 Intel(R) Pentium(R) 4 CPU 3.40GHz
Gentoo Base System version 1.4.16
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.3 [enabled]    
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-2.14.90.0.8-r1
Headers:  sys-kernel/linux-headers-2.4.21-r1
Libtools: sys-devel/libtool-1.5.2-r5
ACCEPT_KEYWORDS="x86"           
AUTOCLEAN="yes"                 
CFLAGS="-Os -march=pentium4 -pipe"
CHOST="i686-pc-linux-gnu"       
COMPILER=""                     
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown
/usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config
/var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-Os -march=pentium4 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs candy ccache distlocks sandbox"
GENTOO_MIRRORS="http://src.gentoo.pl"
MAKEOPTS="-j3"                  
PKGDIR="/usr/portage/packages"  
PORTAGE_TMPDIR="/var/tmp"       
PORTDIR="/usr/portage"          
PORTDIR_OVERLAY=""              
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow X aalib acpi acpi4linux alsa arts audiofile autofs avi berkdb bidi
bitmap-fonts cdparanoia cdr crypt cups devfs dga divx4linux doc dvb dvd dvdr
encode escreen esd f77 fbcon flac flash foomaticdb gdbm gif gimpprint gphoto2
gpm gtk gtk2 imlib ipv6 java jpeg kadu-modules kadu-voice kde libg++ libwww lirc
mad md5sum mikmod mmx motif mozilla mpeg ncurses nls oggvorbis opengl oss pam
pcmcia pda pdflib perl png pnp ppds python qt quicktime readline ruby samba
scanner sdl slang spell sse ssl svga tcltk tcpd tiff truetype type1 usb videos
vim-with-x wxwindows x86 xine xml xml2 xmms xprint xv xvid zlib linguas_pl"
Comment 2 Carsten Lohrke (RETIRED) gentoo-dev 2004-10-21 06:10:51 UTC
scsi-emulation is removed from 2.6.9 afaik, workaround: go back to 2.6.8

Could the kernel herd verify and give some input, please? I'm still using 2.4.x and only toast a knoppix occassionally.
Comment 3 Daniel Drake (RETIRED) gentoo-dev 2004-10-21 07:44:29 UTC
The logs posted don't suggest that SCSI emulation is in use - just direct ATAPI burning. Is your cdrecord suid root?
Comment 4 Jurek Bartuszek (RETIRED) gentoo-dev 2004-10-21 09:39:49 UTC
koxta@hell koxta $ ls -la `which cdrecord`
-rws--x--x  1 root root 284956 wrz 14 23:04 /usr/bin/cdrecord

Yup.
Comment 5 Daniel Drake (RETIRED) gentoo-dev 2004-10-21 11:53:21 UTC
I don't know then, sorry. I can't test since my cdwriter is broken :(
Comment 6 Marc Ballarin 2004-10-23 09:15:56 UTC
That's again the bogus SCSI command filtering from 2.6.8. (It had been backed out in gentoo-dev-sources-2.6.8-r3).

IMO this is a fundamental issue, that needs to be adressed by Gentoo. It seems, that the major kernel developers do not care.

There are several choices:
1. make all trusted recording applications setuid root and change them not to drop provileges before recording
2. find some other, secure way to grant them CAP_SYS_RAWIO
3. disable command filtering and inform users about the implications (via GLSA?)
4. make the command filter adjustable

Solution 1 is alot of work and might raise more security issues than it solves.
Solution 2 is probably even more difficult.
Solution 3 is very easy (remove two lines of kernel code), but sooner or later someone will destroy firmware on misconfigured systems. And there will be misconfigured systems...
Solution 4 requires more complex patches and will be an uphill battle against the multitude of hardware, non-standard hardware, different firmware versions and different software versions. Most likely, it will never be truly secure.
(Anyway, there is a patch by Peter Jones that allows configuration:
http://marc.theaimsgroup.com/?l=linux-kernel&m=109535727110656&w=2
I've also created a small Python script to configure the filters; in case you are interested.)

BTW: Obviously this is a kernel issue, no KDE issue.
Comment 7 Daniel Drake (RETIRED) gentoo-dev 2004-10-23 09:31:07 UTC
I believe its not a kernel issue - they have decided with reason why only root should have that access (please correct me if I'm wrong, I haven't been following the full story). I think its up to the cd recording applications to work as setuid root correctly.
Comment 8 Daniel Drake (RETIRED) gentoo-dev 2004-10-23 09:32:30 UTC
Also I don't see why solution 1 is a lot of work. I'd presume that applications like cdrecord have a few lines of code which drop the root priveleges if detected..it should only be a matter of removing this?
Comment 9 Marc Ballarin 2004-10-23 11:07:24 UTC
It's a kernel issue, because the kernel's behaviour WRT SCSI command changed without warning or consultation. Even Alan Cox, who demanded the filter in the first place seemed mildly suprised on the speed and (lack of) quality of the implementation.
The permitted commands (in 2.6.9) are already insecure, but still not sufficient to record CDs. This filter is a pointless approach.

A small summary:
kernels <2.6.8:
As soon as you have *read* access to a device node, you can issue *any* SCSI command. Obviously, this is insecure if untrusted users are given read access, since it allows them to overwrite a drive's firmware or initiate low-level formatting. However, this is the behaviour applications rely on.

kernel 2.6.8:
Only commands from a whitelist can be issued. Some are allowed when the device node is opened read-only, others require write access, the rest requires CAP_SYS_RAWIO privileges.

kernel 2.6.9:
The whitelist has been extended; this time even with some testing! However, the list still applies to all devices (hard-disks, tapes, CD-ROM/R/RW, DVD-ROM/+R/-R/+RW/-RW).

Solution 1 is difficult, because writing and designing complex applications that are safe for setuid operation is almost impossible. Don't tell me that you want to run k3b setuid root!
It has been the general security rule for years to minimize setuid-root applications and not to create new ones that are even more complex.

cdrecord is designed for setuid operation, but even there a severe security vulnerabilty has been identified after years of development and review.
On Linux cdrecord >2.0 only uses root privileges to lock memory and get real time priorities. On Solaris, it obviously acts different, however it's author seemed pretty pissed by this unannounced change in the kernel. I don't know, if he will adopt cdrecord any time soon.
So, at the moment it is up to the distributors to find a solution. Maybe something like Solution 2 could be implemented with resmgr (http://rechner.lst.de/~okir/resmgr/) and Peter Jones' Patch.
Comment 10 Greg Kroah-Hartman (RETIRED) gentoo-dev 2004-10-23 23:06:40 UTC
This is not a kernel issue, but a userspace issue.  I'm closing this because 
of this.  If you want to reopen it, please reassign it to the userspace
application that you are having problems with.