Daniel Pielmeier <bil...@gentoo.org> wrote:
> 2013/4/29 Joerg Schilling <joerg.schill...@fokus.fraunhofer.de>
> > Do you like people to be able to open security holes?
>
> Adding an option to enable/disable linkage to libcap does not hurt anybody
> it just eases maintaining the package. You can enable it by default if you
> wish.
>
> As long as it is possible to remove libcap from the system the security
> hole you are talking about is still there. The option does not change
> anything. Currently one could still compile cdrtools without libcap and
> afterwards install libcap and use setcap on cdrecord et al. which leads to
> the same problem.
OK, I could create such an option.
I just don't like people to be able to do this without knowing that there is a
potential security problem if the cdrecord binary has been assigned file caps
but cdrecord doesn't understand that it is running with enhanced privileges.
So I hope that from this discussion people here will remember the problem in
case that somebody later runs into it.
Jörg
--
EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
j...@cs.tu-berlin.de (uni)
joerg.schill...@fokus.fraunhofer.de (work) Blog:
http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
