On Thursday 27 November 2003 05:12 pm, Lowell Gilbert wrote:
> Charles Howse <[EMAIL PROTECTED]> writes:
> > On Thursday 27 November 2003 11:16 am, Lowell Gilbert wrote:
> > > Charles Howse <[EMAIL PROTECTED]> writes:
> > > > There has been signifigant discussion here in the past about
> > > > cdbakeoven not detecting ATAPI burners when run as an ordinary user.
> > > >
> > > > I had this issue, and may have a solution.
> > > >
> > > > Be sure your kernel is compiled with device atapicam.
> > > >
> > > > As root do:
> > > > # chmod u+s /usr/local/bin/cdrecord
> > > > Which will allow cdrecord to run as suid root.
> > >
> > > In other words, it's still not being run as an ordinary user...
> > cdbakeoven *is* being run as an ordinary user, which was the original
> > issue, but to detect an atapi burner, it has to do 'cdrecord -scanbus',
> > which will fail if not run as root. Make sense?
> I understood perfectly, but I don't think you've thought through all
> the implications. The process executing cdrecord is *not* being run
> as a normal user. The process is actually running as uid zero, which
> is to say that it's running as *root*. This is considerably less
> secure than running as the user's own uid. Thus, for systems where
> you're worried about the security with regard to local users, you are
> *vastly* worse off by making the executable suid-root.
I agree with you 100%. Though I didn't say it explicitly, my comments were
directed not to administrators where there is concern for local user
security, but to plain ordinary desktop users who just want to burn some
For example, I have a home lan, I am root on all 3 machines, no one else in
the house uses these machines. I am behind a hardware firewall with no ports
forwarded to this machine (the one with the burner).
I feel completely secure running cdrecord suid root.
Random Murphy's Law:
Don't make your doctor your heir.
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"