possible solution to cdbakeoven failing to detect ATAPI burners
Charles Howse
chowse at charter.net
Thu Nov 27 15:59:37 PST 2003
On Thursday 27 November 2003 05:47 pm, Lowell Gilbert wrote:
> Charles Howse <chowse at charter.net> writes:
> > I agree with you 100%. Though I didn't say it explicitly, my comments
> > were directed not to administrators where there is concern for local user
> > security, but to plain ordinary desktop users who just want to burn some
> > CD's.
>
> In my opinion, it is quite important to be explicit about security
> tradeoffs when posting to a public mailing list that is frequently
> searched by novice sysadmins.
I will take that as good advice. :-)

No disrespect, but seriously, can you give me a scenario where something bad
could happen on *my* computer because I'm running cdrecord suid-root?

I would also be very interested to hear a scenario where something bad could
happen on an insecure system if they are running cdrecord suid-root.

If I have more information on the implications of suid-root, I may be more
careful in the future.
Actually, I got my idea from man cdrecord, where it says:

    If you don't want to allow users to become root on your system,
    cdrecord may safely be installed suid root. This allows all users or a
    group of users with no root privileges to use cdrecord. Cdrecord in
    this case checks, if the real user would have been able to read the
    specified files. To give all user access to use cdrecord, enter:

        chown root /usr/local/bin/cdrecord
        chmod 4711 /usr/local/bin/cdrecord

    To give a restricted group of users access to cdrecord enter:

        chown root /usr/local/bin/cdrecord
        chgrp cdburners /usr/local/bin/cdrecord
        chmod 4710 /usr/local/bin/cdrecord

    and add a group cdburners on your system.
--
Thanks,
Charles
http://howse.homeunix.net:8080
Random Murphy's Law:
If it's good they will stop making it.
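
An added example, not part of the original post and not taken from cdrecord: a POSIX shell check that reports which of the two man-page configurations quoted above a binary is in (setuid or not, owned by whom, runnable by everyone or only by the file's group). The function names and the sample mode strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify who can run a binary with its owner's privileges.

# suid_exposure MODE UID
#   MODE is the 10-character mode string from `ls -l` (e.g. -rws--x--x),
#   UID is the owner's numeric uid. Prints one classification word.
suid_exposure() {
    mode=$1 uid=$2
    # Character 4 is 's' when setuid and owner-execute are both set.
    case $mode in
        ???s*) ;;
        *) echo "not-setuid"; return 0 ;;
    esac
    # Group- or world-writable setuid files can be replaced by those users.
    case $mode in
        ?????w*|????????w*) echo "setuid-writable"; return 0 ;;
    esac
    if [ "$uid" -eq 0 ]; then who=root; else who="uid$uid"; fi
    case $mode in
        ?????????[xt]*) echo "setuid-$who:all-users" ;;   # other-execute set
        ??????[xs]*)    echo "setuid-$who:group-only" ;;  # group-execute only
        *)              echo "setuid-$who:owner-only" ;;
    esac
}

# audit_suid PATH
#   Reads mode and owner uid from `ls -ldn`, which has the same field
#   layout on FreeBSD and Linux, then classifies the file.
audit_suid() {
    line=$(ls -ldn -- "$1") || return 1
    set -- $line
    suid_exposure "$1" "$3"
}

# Constructed inputs matching the two man-page recipes (uid 0 = root).
suid_exposure "-rws--x--x" 0   # what chmod 4711 produces
suid_exposure "-rws--x---" 0   # what chmod 4710 produces
```

Running `audit_suid /usr/local/bin/cdrecord` after either recipe shows whether the binary ended up open to all local users or only to members of its group.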