Re: Access rights with growisofs

[Nick Urbanik]

On Mon, Jul 12, 2004 at 04:20:40PM -0701, Jacob Meuser wrote:
> On Tue, Jul 13, 2004 at 05:44:21AM +0800, Nick Urbanik wrote:
> 
> > I agree that sudo is useful; I wrote this intro to sudo for my
> > students: http://ictlab.tyict.vtc.edu.hk/ossi/lab/sudo/sudo.pdf which
> > includes a picture of a chainsaw, under which I wrote, "Doing
> > everything as root is like cutting bread with a chainsaw."
> > 
> > However, Andy wrote in his man page for growisofs in
> > dvd+rw-tools-5.19.4.9.7 that 
> > "If executed under sudo(8) growisofs refuses to start."
> > ...
> > #!/bin/ksh
> > unset SUDO_COMMAND
> > export MKISOFS=/path/to/trusted/mkisofs
> > exec growisofs "$@"
> > 
> > And there is the answer to my question.  Andy is rightly concerned
> > that running growisofs under sudo allows any user with sudo privilege
> > read access to any file in the file system, as well as the right to
> > execute program of their choice with elevated privileges.
> 
> This is just like the situation with more(1) or less(1).
> 
> IMHO, this is a dumb argument.  Whether or not sudo is properly
> understood, configured or used is not growisofs's problem.

Hmm, I'm beginning to think so too.  

Here is the output from mondoarchive:
[Main] libmondo-fork.c->eval_call_to_make_ISO#237: Calling open_evalcall_form()
[Main] libmondo-fork.c->eval_call_to_make_ISO#268: command = 'growisofs -J -no-e[Main] 
libmondo-fork.c->run_external_binary_with_percentage_indicator_NEW#893: c[Main] 
libmondo-fork.c->run_prog_in_bkgd_then_exit#852: sz_command = 'growisofs
:-( growisofs is being executed under sudo, aborting!
See NOTES paragraph in growisofs manual page for further details.
[Main] libmondo-fork.c->run_prog_in_bkgd_then_exit#855: child res = 141
Ejecting media.
Dagnabbit. It still failed.
                          Failed to burn DVD #1. Retry?

So it seems I need to make that little wrapper, name it growisofs,
rename the original growisofs, so that I can continue with using
mondo.  Yes, I think it's probably better to let people learn how to
use sudo themselves rather than teach them what to do from another
program.
-- 
Nick Urbanik   RHCE                               nicku(at)vtc.edu.hk
Proud member of the Dept. of Information & Communications Technology,
Home of Visual Paradigm: Jolt Productivity Award winner, programmed
by our own graduates!      Tel: (852) 2436 8576  Fax: (852) 2436 8526
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24   ID: BB9D2C24

pgpQbxYQh92Vo.pgp
Description: PGP signature