Home page logo

bugtraq logo Bugtraq mailing list archives

Volume manager & CD-ROM
From: sep () BETA NIIMM SPB SU (Serge E. Pick)
Date: Tue, 19 Aug 1997 17:03:41 +0400

Some times ago I tried to read
Video & Audio data from CD-ROM
on SS20 under Solaris 2.4

So, I have detected an interesting feature.

I read data from device, managed by vold (volume manager),
i.e. /vol/dev/aliases/cdrom0 (or /vol/dev/rdsk/c0tX/<cd-name>).
Any user can access this device and change parameters of this one
through ioctl() call.

If you are not careful, you can corrupt CD-ROM management service.
When you work with normal filesystem on CD-ROM, block size of
this device is 512 bytes. But to work with Audio or Video CD,
it is necessary to change block size to 2336 or 2352 bytes.

Tis message contain an simple programm to change block size on
CD-ROM device.
To make service down, make:
    gcc -o setblk setblk.c
    ./setblk 2336

Eject can be runned by any user too. After that try to
put CD-ROM in again. You will see on console:
    incomplete reading -- retrying.
After some retryings it will be the message:
    incomplete reading -- giving up.
And CD-rom will be ejected.

To restore service, you have to do (us root):
1. /etc/rc2.d/S92volmgt stop
2. Put CD-ROM in drive (it is not necessary to be a root ;-)
3. /etc/rc2.d/S92volmgt start

After that block size will be restored to 512.

Without eject, it will be unable to read any data from files,
replaced on CD-ROM, if block mode is not equal to 512.

So, any user can prevent a normal work of system!

Serge E. Pick (QuickPick)
  _    _    _  __________________________________
 (_   (_   |_) mailto: sep () niimm spb su       __/
  _)  (_   |   http://www.niimm.spb.su/~sep/ __/

  By Date           By Thread  

Current thread:
  • Volume manager & CD-ROM Serge E. Pick (Aug 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]