Date: Thu, 18 Mar 2004 21:15:32 +0100
From: Diego Calleja =?ISO-8859-15?Q?Garc=EDa?= <diegocg@teleline.es>
To: Rik van Riel <riel@redhat.com>
Cc: andrea@suse.de, linux-kernel@vger.kernel.org
Subject: Re: 2.6.5-rc1-aa1
Message-Id: <20040318211532.293bb63c.diegocg@teleline.es>
In-Reply-To: <Pine.LNX.4.44.0403181144290.16728-100000@chimarrao.boston.redhat.com>
References: <20040318164253.GO2246@dualathlon.random>
	<Pine.LNX.4.44.0403181144290.16728-100000@chimarrao.boston.redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1083
Lines: 24

El Thu, 18 Mar 2004 11:49:52 -0500 (EST) Rik van Riel <riel@redhat.com> escribi?:

> I suspect the security paranoid will like this patch too,
> because it allows gnupg to mlock the memory it wants to
> have locked.

I think it's good for cd-burning too. Currently most of the distros set
the suid bit for cdrecord (wich implies some security bugs). You can
workaround that by changing the devide node's permissions and kill the suid bit:
brw-rw----    1 root     burning     22,   0 2003-05-23 16:41 /dev/cd-rw

but still cdrecord will cry:
cdrecord: Operation not permitted. WARNING: Cannot do mlockall(2).
cdrecord: WARNING: This causes a high risk for buffer underruns.

With that patch desktop users will be able to burn cds without falling into
buffer underruns and without using the suid hack, I guess? Nice work :)

	Diego Calleja
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/