possible solution to cdbakeoven failing to detect ATAPI burners

Charles Howse chowse at charter.net
Thu Nov 27 15:32:32 PST 2003

On Thursday 27 November 2003 05:12 pm, Lowell Gilbert wrote:
> Charles Howse <chowse at charter.net> writes:
> > On Thursday 27 November 2003 11:16 am, Lowell Gilbert wrote:
> > > Charles Howse <chowse at charter.net> writes:
> > > > There has been signifigant discussion here in the past about
> > > > cdbakeoven not detecting ATAPI burners when run as an ordinary user.
> > > >
> > > > I had this issue, and may have a solution.
> > > >
> > > > Be sure your kernel is compiled with device atapicam.
> > > >
> > > > As root do:
> > > > # chmod u+s /usr/local/bin/cdrecord
> > > > Which will allow cdrecord to run as suid root.
> > >
> > > In other words, it's still not being run as an ordinary user...
> >
> > cdbakeoven *is* being run as an ordinary user, which was the original
> > issue, but to detect an atapi burner, it has to do 'cdrecord -scanbus',
> > which will fail if not run as root.  Make sense?
> I understood perfectly, but I don't think you've thought through all
> the implications.  The process executing cdrecord is *not* being run
> as a normal user.  The process is actually running as uid zero, which
> is to say that it's running as *root*.  This is considerably less
> secure than running as the user's own uid.  Thus, for systems where
> you're worried about the security with regard to local users, you are
> *vastly* worse off by making the executable suid-root.

I agree with you 100%.  Though I didn't say it explicitly, my comments were 
directed not to administrators where there is concern for local user 
security, but to plain ordinary desktop users who just want to burn some 

For example, I have a home lan, I am root on all 3 machines, no one else in 
the house uses these machines.  I am behind a hardware firewall with no ports 
forwarded to this machine (the one with the burner).

I feel completely secure running cdrecord suid root.


Random Murphy's Law:
Don't make your doctor your heir.

More information about the freebsd-questions mailing list