Re: [gentoo-dev] useless set*id binaries

Fri, 27 Jan 2012 17:10:23 -0800 

On 01/28/2012 02:41 AM, Mike Frysinger wrote:

On Friday 27 January 2012 19:18:07 Samuli Suominen wrote:

On 01/28/2012 02:14 AM, Mike Frysinger wrote:

along these lines, why is cdrtools set*id ?  if we have a "cdrom" group,
and we assign our cdroms/dvdroms to that group, then we already have
access control in place and can skip the set*id.


cdrtools can't probe the drives without the binary being setuid, or the
user belonging to the 'disk' group (and even that is not enough in some
cases if the permissions vary)


the drives are owned by the "cdrom" group and have group +rw.  so if the user
is in the "cdrom" group, why can't they probe the drives ?

"disk" owns the non-removable hard drives.

$ ls -l /dev/sr0 /dev/sg0 /dev/sg6
crw-rw---- 1 root disk  21, 0 Jan  6 23:07 /dev/sg0
crw-rw---- 1 root cdrom 21, 6 Jan  6 23:07 /dev/sg6
brw-rw---- 1 root cdrom 11, 0 Jan 17 22:28 /dev/sr0
-mike



i dont know why, but it does probe also non-removable disks... it probes 
per bus, iirc


you can try it easily yourself:

ssuominen@null ~ $ cdrecord -scanbus

Cdrecord-ProDVD-ProBD-Clone 3.01a06 (x86_64-unknown-linux-gnu) Copyright 
(C) 1995-2011 Joerg Schilling

Linux sg driver version: 3.5.34
Using libscg version 'schily-0.9'.
scsibus0:
        0,0,0     0) 'ATA     ' 'WDC WD5000AADS-0' '01.0' Disk
        0,1,0     1) *
        0,2,0     2) *
        0,3,0     3) *
        0,4,0     4) *
        0,5,0     5) *
        0,6,0     6) *
        0,7,0     7) *
scsibus1:
        1,0,0   100) 'ATA     ' 'ST31000333AS    ' 'SD25' Disk
        1,1,0   101) 'TSSTcorp' 'CDDVDW SH-S223C ' 'SB06' Removable CD-ROM
        1,2,0   102) *
        1,3,0   103) *
        1,4,0   104) *
        1,5,0   105) *
        1,6,0   106) *
        1,7,0   107) *
scsibus4:
        4,0,0   400) 'HUAWEI  ' 'Mass Storage    ' '2.31' Removable CD-ROM
        4,1,0   401) *
        4,2,0   402) *
        4,3,0   403) *
        4,4,0   404) *
        4,5,0   405) *
        4,6,0   406) *
        4,7,0   407) *
scsibus5:
        5,0,0   500) 'HUAWEI  ' 'TF CARD Storage ' '    ' Removable Disk
        5,1,0   501) *
        5,2,0   502) *
        5,3,0   503) *
        5,4,0   504) *
        5,5,0   505) *
        5,6,0   506) *
        5,7,0   507) *
ssuominen@null ~ $ sudo chmod 755 /usr/bin/cdrecord
ssuominen@null ~ $ cdrecord -scanbus

Cdrecord-ProDVD-ProBD-Clone 3.01a06 (x86_64-unknown-linux-gnu) Copyright 
(C) 1995-2011 Joerg Schilling
cdrecord: Permission denied. Cannot open '/dev/sg0'. Cannot open or use 
SCSI driver.
cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you 
are root.

cdrecord: For possible transport specifiers try 'cdrecord dev=help'.
ssuominen@null ~ $ groups
wheel audio cdrom video games cdrw usb users portage
ssuominen@null ~ $























					Reply via email to