#476414 /usr/bin/brasero: fails burning cdr/rw as non root user (at least audio cd)

Package:
wodim
Source:
cdrkit
Description:
command line CD/DVD writing tool
Submitter:
Droubay Xavier
Date:
2024-02-01 08:00:02 UTC
Severity:
important
#476414#5
Date:
2008-04-16 15:23:26 UTC
From:
To:
*** Please type your report below this line ***

This is a permission problem. A similar "burning" operation using
brasero
fails as normal user and succeed as root user. As I have a bunch  of
installed
packages ( ~ 1465 ), I cannot figure out the impact some permissions
could
issue this problem. However here are few tests I made before posting.
Resuming
my tests, the `fs=XXM' option may be the origin of the problem.


Hint : Before ending my brasero session, I tested manually the
following
command (found in brasero-session.log), succesfully as root, with same
no
luck as normal user.

$ wodim -v  dev=/dev/hdc \
   gracetime=0  speed=6  driveropts=burnfree  \
   -dao \
   fs=16m -audio  -swab  -pad  \
   -useinfo  -text <my-list-of-files.cdr>

I also tried another test, without the option 'fs=16m', successfully as
a normal user.


The following warning/error in brasero-session log file:
   'Cannot get mmap for 16781312 Bytes on /dev/zero.'
might be related to the 'fs=16m' option of failing wodim command line
for
a non root user.


I don't know why the 'fs' FIFO option is explicitely given to wodim in
brasero,
but it might be removed or something to be done elsewhere, so that non
root
user can burn, at least cd audio.

Also, here is the device used for this test :
$ cdrecord --scanbus
scsibus1000:
...
   1000,2,0 100002) 'TOSHIBA ' 'DVD-ROM SD-R2102' '1A16' Removable
CD-ROM
...


Regards, Xavier Droubay

PS: here attached two different failing brasero sessions, one using
'fs=30m' the other 'fs=16m', with respectively the two following error
messages :
stderr: wodim: Operation not permitted. Warning: Cannot raise
RLIMIT_MEMLOCK limits.wodim: Resource temporarily unavailable. Cannot
get mmap for 31461376 Bytes on /dev/zero.
stderr: wodim: Operation not permitted. Warning: Cannot raise
RLIMIT_MEMLOCK limits.wodim: Resource temporarily unavailable. Cannot
get mmap for 16781312 Bytes on /dev/zero.

#476414#10
Date:
2008-04-16 15:44:58 UTC
From:
To:
Hi,

This is a problem with the wodim package then.

Are you sure your user is in the "cdrom" group? You can check this by
opening a terminal and typing "groups".

#476414#15
Date:
2008-04-22 19:10:09 UTC
From:
To:
reassign 476414 wodim
thanks

No problem, I will reassign your bug report to wodim.

#476414#22
Date:
2018-02-28 09:20:03 UTC
From:
To:
I am also exeriencing the same bug (same symptom with k3b BTW which also
uses wodim under the hood).
And yes, I am in group cdrom, so that is not it.

#476414#27
Date:
2018-05-04 17:13:31 UTC
From:
To:
I have this problem when attempting to burn an ISO image to a CD using K3b as
non-root.  Burning as root works fine.  The K3b debug output shows the
following:

Devices
-----------------------
ASUS DRW-24B1ST   i 1.00 (/dev/sr0, CD-R, CD-RW, CD-ROM, DVD-ROM, DVD-R, DVD-
RW, DVD-R DL, DVD+R, DVD+RW, DVD+R DL) [DVD-ROM, DVD-R Sequential, DVD-R Dual
Layer Sequential, DVD-R Dual Layer Jump, DVD-RAM, DVD-RW Restricted Overwrite,
DVD-RW Sequential, DVD+RW, DVD+R, DVD+R Dual Layer, CD-ROM, CD-R, CD-RW] [SAO,
TAO, RAW, SAO/R96P, SAO/R96R, RAW/R16, RAW/R96P, RAW/R96R, Restricted
Overwrite, Layer Jump] [%7]

System
-----------------------
K3b Version: 17.8.3
KDE Version: 5.37.0
Qt Version:  5.10.1
Kernel:      4.15.0-3-amd64

Used versions
-----------------------
cdrecord: 1.1.11

cdrecord
-----------------------
/usr/bin/wodim: Operation not permitted. Warning: Cannot raise RLIMIT_MEMLOCK
limits.
/usr/bin/wodim: Resource temporarily unavailable. Cannot get mmap for 12587008
Bytes on /dev/zero.
TOC Type: 1 = CD-ROM

cdrecord command:
-----------------------
/usr/bin/wodim -v gracetime=2 dev=/dev/sr0 speed=24 -sao driveropts=burnfree -
data -tsize=168960s -



Interestingly, I am amble to burn an ISO image to a DVD as non-root.

Also, as already mentioned, the non-root user is a member of the cdrom group.

#476414#32
Date:
2018-06-30 02:17:32 UTC
From:
To:
To fix this (if your file system supports file capabilities):

1. Install the libcap2-bin package.
2. As root, enter the following command:
	setcap cap_sys_resource=ep /usr/bin/wodim

Note that this enables wodim to override a variety of resource limits,
which is a risk to system security and stability. You might want to
mitigate that risk by only allowing trusted user accounts to execute it.
For example:

	chgrp users /usr/bin/wodim
	chmod o-x /usr/bin/wodim
	setcap cap_sys_resource=ep /usr/bin/wodim

Note also that all of these changes (permissions and file capabilities)
will be reset next time the wodim package is upgraded or reinstalled.
----------------------------------------------------------------------- Ideally, the wodim executable should be given the file capability by a package installation script, and it should drop that privilege early in its execution, right after making its setrlimit call. This would solve the problem while greatly mitigating the risks.
#476414#37
Date:
2024-02-01 07:33:11 UTC
From:
To:
I have a business transaction which I need your assistant, your share will be 50% If interested do contact me for more details.