[byuu]

Yeah, it's pretty nuts having to study the output of camcontrol and /dev, creating a devfs ruleset, adding that to /etc/rc.conf, adding your CD drive into /etc/fstab, and then tweaking a sysctl, just to burn a CD.

I am hard-pressed to think of the security risks involved in a user being able to burn a CD. Short of some kind of highly-confidential server with no internet access, where you'd probably want the whole machine inside a locked cage anyway.

[toast0]

There's a cd in the tray, but we don't know who put it there. Maybe if you're logged in on a specific terminal?

I could contrive some scenarios where it would be undesirable though: Maybe if there's a rewritable (or not finalized write once) disc also in the system for something important? Let's say, a diskless system without pxe support, so it boots from a cd drive, but doesn't mount it. An unauthorized user with access to the burner could disrupt the next boot.