On Tue, Jul 13, 2004 at 09:18:53AM +0200, [EMAIL PROTECTED] wrote:
> > > However, Andy wrote in his man page for growisofs in
> > > dvd+rw-tools-5.19.4.9.7 that
> > > "If executed under sudo(8) growisofs refuses to start."
> > > ...
> > > And there is the answer to my question. Andy is rightly concerned
> > > that running growisofs under sudo allows any user with sudo privilege
> > > read access to any file in the file system, as well as the right to
> > > execute a program of their choice with elevated privileges.
> >
> > IMHO, this is a dumb argument. Whether or not sudo is properly
> > understood, configured or used is not growisofs's problem.
>
> If I get both, Andy and Joerg, right, then they are concerned
> about the fact that you cannot configure sudo properly enough
> to close all potential security holes within their programs
> (e.g. environment variables which may cause arbitrary programs to
> get started with the privileges granted by sudo).

Lots of programs read/write/exec* files based on the environment.
mkisofs is not so special.

> Both clearly advise to use setuid rather than sudo.

There is a very big difference between suggesting in documentation
and breaking in code.

-- <[EMAIL PROTECTED]>

