I would side with Schilling, i also read it on bugtraq. The problem seems to be more related to cdrecord needing to be root to access the devices to write the disks with, rather then cdrecord having some buffer-overflow thing, that would allow a user to obtain root. See the user IS root allready when they burn disks anyways. But there you go, you can roast me on that. I would suggest a access mechanism to negate root privilege to access cd/dvd burners. And i also think this should be implemented kernel-side or dev-side rather than user-land application (cdrecord) side. Again, i am sure, the gurus Will find the optimum solution to this problem. Cheers Szemir
On September 25, 2004 19:54, s. keeling wrote: > Incoming from Peter Van den Wildenbergh: > > I downloaded the latest cdrecord form Mr. Schilling > > I had a very interesting read ... obviously the guy doesn't really like > > Linux... > > There's a huge flamewar going on recently between the Linux security > gods and Schilling. Last I heard, the jury's still out. Some > distributions (eg., Debian) are just outright disabling user access to > the burning device until something's done about the security stuff. > Burning as root still works, which makes me wonder what the problem > is. I've always done my backups as root. _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
