1. Introduction
    1.1. Project/Component Working Name:
         Update to Brasero 2.25.x
    1.2. Name of Document Author/Supplier:
         Lin Ma
    1.3. Date of This Document:
         Mar/05/09
    1.4. Name of Major Document Customer(s)/Consumer(s):
        1.4.1. The PAC or CPT you expect to review your project:
               Solaris PAC
        1.4.2. The ARC(s) you expect to review your project:
               LSARC
        1.4.3. The Director/VP who is "Sponsoring" this project:
               robert.odea@sun.com
        1.4.4. The name of your business unit:
               OPG / OpenSource
    1.5. Email Aliases:
        1.5.1. Responsible Manager: leo.binchy@Sun.COM
        1.5.2. Responsible Engineer: lin.ma@Sun.COM
        1.5.3. Marketing Manager: glynn.foster@sun.com
        1.5.4. Interest List: desktop-discuss@opensolaris.org

4. Technical Description:
    4.1. Details:
         Refer to LSARC 2008/548 for background on brasero.

         This case modifies the way brasero works with RBAC. Brasero makes
         use of the profile 'Console User' so that it is only available to
         the console user, who is the default owner of scsi devices.

         It delivers the brasero media library, which uses uscsi(7I) to
         gather device and media information, e.g. speed, capacity, etc.
         Any application which depends on the brasero media library has to
         handle the required privileges or follow what brasero does.

         According to privileges(5), the brasero media library needs the
         following privileges to send ioctl(2) commands to scsi devices:
         - PRIV_SYS_DEVICES

         Add the following lines to prof_attr(4) and exec_attr(4). Make the
         console user have the 'Desktop CD User' profile by default.

         prof_attr:
         Desktop Removable Media User:::Access removable media for desktop user:
         Console User::::profiles=Desktop Removable Media User

         exec_attr:
         Desktop Removable Media User:solaris:cmd:::/usr/bin/brasero:privs=sys_devices

         If the HAL team adds the finer-grained privileges "uscsi_full" and
         "uscsi_user" for scsi access, brasero's configuration will change
         to use the new privileges once they become available.

    4.2. Bug/RFE Number(s):
         6770524

    4.5. Interfaces Changes:

|---+-------------------------+-------------+-----------------------|
|   | Imported                | Stability   | Comments              |
|---+-------------------------+-------------+-----------------------|
| + | /etc/security/exec_attr | Committed   |                       |
|---+-------------------------+-------------+-----------------------|
| + | /etc/security/prof_attr | Committed   |                       |
|---+-------------------------+-------------+-----------------------|

|---+----------------------------------------+---------------+---------------|
|   | Exported                               | Stability     | Comments      |
|---+----------------------------------------+---------------+---------------|
| ! | All brasero backends                   | Private       | Brasero       |
|   | /usr/lib/brasero/plugins/*.so          |               | backends      |
|---+----------------------------------------+---------------+---------------|
| + | /usr/lib/libbrasero-media.so           | Consolidation | Brasero media |
|   |                                        | Private       | library [1]   |
|---+----------------------------------------+---------------+---------------|
| + | /usr/lib/pkgconfig/libbrasero-media.pc | Consolidation |               |
|   |                                        | Private       |               |
|---+----------------------------------------+---------------+---------------|
| + | /usr/lib/nautilus/extensions-2.0/      | Consolidation | Nautilus      |
|   | libnautilus-brasero-extension.so       | Private       | extension     |
|---+----------------------------------------+---------------+---------------|
| ! | SUNWgnome-cd-burner                    | Uncommitted   | Package       |
| ! | SUNWgnome-cd-burner-root               | Uncommitted   | name          |
| + | SUNWgnome-cd-burner-devel              | Uncommitted   | changes       |
|---+----------------------------------------+---------------+---------------|
| - | SUNWbrasero                            | Obsolete      | Old package   |
| - | SUNWbrasero-root                       | Uncommitted   | names         |
|---+----------------------------------------+---------------+---------------|

         [1] The library libbrasero-media.so for accessing scsi devices
             requires 'sys_devices'. It could be linked with other desktop
             applications. The consumer applications of this library
             require gksu to obtain the privilege.

    4.7. Admin/Config Impact:
         Since brasero is only available to console users by default, it
         doesn't take care of the ownership of a scsi device. If the admin
         wants to give non-console users the ability to use brasero, he has
         to append the privilege 'file_dac_read' to the line
         'Desktop CD User/brasero' in exec_attr, like:

         Desktop CD User:solaris:cmd:::/usr/bin/brasero:privs=sys_devices,file_dac_read

    4.11. Security Impact:
         A Not Privilege Aware (NPA) command executed with gksu(1) by a
         user who has the 'Primary Administrator' profile will match the
         line:

         Primary Administrator:suser:cmd:::*:uid=0;gid=0

         and so becomes a root process. This causes the issue found in
         CR#6749728: the eject function doesn't work. A workaround is to
         add the following line to exec_attr(4):

         Primary Administrator:solaris:cmd:::/usr/bin/brasero:privs=sys_devices

         A normal user who doesn't have the "Desktop CD User" profile will
         be prompted for the root password. If the password is correct, the
         brasero process becomes a root process and has the same problem.
         There is no solution for this case.

5. Reference Documents:
    LSARC 2008/548 Brasero 0.8.x
    PSARC 1999/214 Removable Media Support
    PSARC 2000/490 libsmedia server
    PSARC 2001/771 libsmedia Enhancement
    RFE - 6770524

    More information about Brasero can be found at these locations:
    http://www.gnome.org/projects/brasero
    http://www.gnomefiles.org/app.php/Brasero
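
An added example, not part of the original case or of brasero: a small Python audit of exec_attr(4) that lists every entry matching /usr/bin/brasero and flags the root-granting wildcard from section 4.11 and the extra file_dac_read from section 4.7. The sample file is constructed from the lines quoted in this case; the shell-style wildcard matching and the function names are assumptions, and the order in which RBAC picks between matching entries is not modelled.

```python
from fnmatch import fnmatchcase

# Constructed sample: the exec_attr lines quoted in this case, as one file.
SAMPLE_EXEC_ATTR = """\
# constructed from the lines quoted in sections 4.1, 4.7 and 4.11
Primary Administrator:suser:cmd:::*:uid=0;gid=0
Primary Administrator:solaris:cmd:::/usr/bin/brasero:privs=sys_devices
Desktop Removable Media User:solaris:cmd:::/usr/bin/brasero:privs=sys_devices
Desktop CD User:solaris:cmd:::/usr/bin/brasero:privs=sys_devices,file_dac_read
"""

def parse_exec_attr(text):
    """Yield one dict per entry of the form name:policy:type:res1:res2:id:attr."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 6)
        if len(fields) != 7:
            continue  # malformed entry, skip it
        name, policy, kind, _res1, _res2, cmd_id, attr = fields
        # attr is a ';'-separated list of key=value pairs (uid, gid, privs, ...)
        attrs = dict(kv.split("=", 1) for kv in attr.split(";") if "=" in kv)
        yield {"profile": name, "policy": policy, "type": kind,
               "id": cmd_id, "attrs": attrs}

def audit(text, command, expected_privs=frozenset({"sys_devices"})):
    """Return (profile, id, findings) for every cmd entry whose id matches command."""
    report = []
    for e in parse_exec_attr(text):
        # Assumption: the id field is matched as a shell-style pattern.
        if e["type"] != "cmd" or not fnmatchcase(command, e["id"]):
            continue
        findings = []
        if e["attrs"].get("uid") == "0" or e["attrs"].get("euid") == "0":
            findings.append("runs as root")
        privs = set(filter(None, e["attrs"].get("privs", "").split(",")))
        extra = privs - expected_privs
        if extra:
            findings.append("extra privs: " + ",".join(sorted(extra)))
        if e["id"] != command:
            findings.append("wildcard match")
        report.append((e["profile"], e["id"], findings))
    return report

if __name__ == "__main__":
    for profile, cmd_id, findings in audit(SAMPLE_EXEC_ATTR, "/usr/bin/brasero"):
        print(f"{profile} [{cmd_id}]: {', '.join(findings) or 'ok'}")
```

An entry reported with no findings grants only sys_devices to the exact path, which is the configuration section 4.1 asks for.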