Ubuntu

No need root privileges for update firmware on DVD-ROM

Asked by oneri

I`m download http://binflash.cdfreaks.com/download/1/2/necflash_linux.tgz and new firmware for my DVD-ROM
I try to update firmware from normal user account.
Update firmware completed successfully.

So some questions
1. It`s a normal that the normail user account may update firmware on hardware?
2. can any kill my hardware if it logged as user?
3. it`s a BUG?

thnks...

--------Logs------------

ilia@ubuntu-home:~/Downloads$ ./necflash -scan
Binflash - NEC version - (C) by Liggy and Herrie
Visit http://binflash.cdfreaks.com

List of supported devices:

Device : /dev/sg1
Vendor : _NEC
Model : DVD_RW ND-3520AW
Firmware : 3.07
ilia@ubuntu-home:~/Downloads$
ilia@ubuntu-home:~/Downloads$ ./necflash -flash -v -s 307bt_rpc1.bin /dev/sg1
Binflash - NEC version - (C) by Liggy and Herrie
Visit http://binflash.cdfreaks.com

Identified drive: 5 - 3034
Detected drive from Firmware: 5

You are about to flash your drive with the following firmware:

Vendor: _NEC
Identification: DVD_RW ND-3520AW
Version: 3.07

Remember no one can be held responsible for any kind of failure!
Are you sure you want to proceed? (y/n) y

Entering safe mode
Sending firmware to drive at 0x006000
Sending firmware to drive at 0x00e000
Sending firmware to drive at 0x016000
Sending firmware to drive at 0x01e000
Sending firmware to drive at 0x026000
Sending firmware to drive at 0x02e000
Sending firmware to drive at 0x036000
Sending firmware to drive at 0x03e000
Sending firmware to drive at 0x046000
Sending firmware to drive at 0x04e000
Sending firmware to drive at 0x056000
Sending firmware to drive at 0x05e000
Sending firmware to drive at 0x066000
Sending firmware to drive at 0x06e000
Sending firmware to drive at 0x076000
Sending firmware to drive at 0x07e000
Sending firmware to drive at 0x086000
Sending firmware to drive at 0x08e000
Sending firmware to drive at 0x096000
Sending firmware to drive at 0x09e000
Sending firmware to drive at 0x0a6000
Sending firmware to drive at 0x0ae000
Sending firmware to drive at 0x0b6000
Sending firmware to drive at 0x0be000
Sending firmware to drive at 0x0c6000
Sending firmware to drive at 0x0ce000
Sending firmware to drive at 0x0d6000
Sending firmware to drive at 0x0de000
Sending firmware to drive at 0x0e6000
Sending firmware to drive at 0x0ee000
Sending firmware to drive at 0x0f6000
Sending firmware to drive at 0x0fe000
Sending checksum to drive
Erasing flash block 2
Erasing flash block 3
Erasing flash block 4
Erasing flash block 5
Erasing flash block 6
Erasing flash block 7
Erasing flash block 8
Erasing flash block 9
Erasing flash block 10
Erasing flash block 11
Erasing flash block 12
Erasing flash block 13
Erasing flash block 14
Erasing flash block 15
Erasing flash block 16
Erasing flash block 17
Erasing flash block 18
Writing flash block 2
Writing flash block 3
Writing flash block 4
Writing flash block 5
Writing flash block 6
Writing flash block 7
Writing flash block 8
Writing flash block 9
Writing flash block 10
Writing flash block 11
Writing flash block 12
Writing flash block 13
Writing flash block 14
Writing flash block 15
Writing flash block 16
Writing flash block 17
Writing flash block 18
Leaving safe mode
ilia@ubuntu-home:~/Downloads$
ilia@ubuntu-home:~/Downloads$ uname -a
Linux ubuntu-home 2.6.32-24-generic #42-Ubuntu SMP Fri Aug 20 14:24:04 UTC 2010 i686 GNU/Linux
ilia@ubuntu-home:~/Downloads$

Ubuntu 10.04 with last updates

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
actionparsnip
Solved:
Last query:
Last reply:
Revision history for this message
Best actionparsnip (andrew-woodhead666) said : 		#1

Can't see you breaking the hardwareif its ran y a user, the app will copy the same data to the same location. Your user does seem to have full access to the device though which is strange. I'd log a bug though. Quite worrying. Maybe the access is required though for day-to-day CD stuffs but I am unsure. Its an interesting one.

Revision history for this message
oneri (oneri-yandex) said : 		#2

I believe that a home user should have access to records DVD and CD drives.
But how to block access to update firmware?

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#3

Yes it should, but it should be an admin task and require sudo. Not sure how to block it personally. Maybe someone else can contribute.

Revision history for this message
oneri (oneri-yandex) said : 		#4

It does not require SUDO - it`s a problem.
all administrative actions requires a password... (sudoer at end)
but command ilia@ubuntu-home:~/Downloads$ ./necflash -flash -v -s 307bt_rpc1.bin /dev/sg1
work without sudo...

ilia@ubuntu-home:/etc$ sudo cat sudoers
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL) ALL

# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
# %sudo ALL=NOPASSWD: ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
ilia@ubuntu-home:/etc$

Revision history for this message
oneri (oneri-yandex) said : 		#5

Thanks actionparsnip, that solved my question.