Date Sat 01 January 2005 Tags linux

There’s an issue surrounding recent (2.6.8 and newer) Linux kernels and CD burning. This Gentoo forum thread summarizes the technicalities. Basically, up until 2.6.7, everybody with read rights to a device was allowed to send control messages to it, and thus (for example) overwrite an IDE hard drive’s firmware, which is (obviously) undesirable.. In 2.6.8, a patch was introduced to fix this. This patch was a bit overzealous and disabled all control commands that aren’t obviously harmless, including those used for burning CDs.

The downside to this is that people who want to simply burn CDs and don’t have potentially malicious local users on their computers every day are out of luck: Until the related function in the kernel (called verify_command, in drivers/block/scsi_ioctl.c) is being more and more refined to allow what’s safe, CD burning simply will not work. For example with kernel 2.6.10, it still does not work as it used to, at least not with Debian sarge’s versions of k3b and cdrecord.

The attached Simple CD burning in Linux and the Real World(tm) against 2.6.10’s drivers/block/scsi_ioctl.c basically reverts everything to the pre-2.6.8 situation. It gives everyone with sufficient rights to open a file descriptor on a device the right to send any ioctl, which is potentially dangerous, but more convenient than the current mess.