Daniel Pielmeier <[email protected]> wrote:

> Actually it is the linkage against libcap that I am concerned about.

This is what I call a security risk with the current concepts of some Linux 
systems. See Announcement file for more....

> Imagine the following scenario. Libcap is not present on the system.
> Then package X which requires libcap is installed and the package
> manager who knows this installs libcap as a dependency. Then package Y
> is installed which unconditionally links against libcap. The package
> manager is unaware of this and does not know about the dependency. Now
> package X is uninstalled and the package manager removes libcap because
> he thinks nothing on the system needs it anymore. Now package Y will
> stop working because libcap is not there anymore. If it is possible to
> conditionally link against libcap such issues could be avoided. Libcap
> will not be uninstalled if the dependency is known. Additionally it is
> possible to have libcap installed and not link cdrtools against it.

On Solaris, you cannot remove files that are part of the basic kernel features.

Privileges on Solaris are a basic kernel feature and part of the basic 
security concept, so you cannot remove this.... on most Linux distros, it seems 
that you can.

I am concerned about a different scenario:

Imagine, you compile cdrtools without libcap and later install the support for 
the OS. Now you decide to use "setcap" to make cdrecord work. Cdrecord will 
really work this way, but you opened a security hole as this cdrecord now is 
not privileges aware and thus cannot even detect that it is running with more 
than basic privileges. Such a cdrecord installation will happily write any 
local file for any local user to CD.

Jörg

-- 
 EMail:[email protected] (home) Jörg Schilling D-13353 Berlin
       [email protected] (uni)
       [email protected] (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
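
The failure mode described in the message above (a binary that was given file capabilities with "setcap" but cannot tell that it holds them) can be checked for on Linux without libcap by reading the CapPrm and CapEff masks from /proc/self/status. The following is an added example, not part of the original message and not cdrtools code; the function names and the sample status excerpts are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Extract one capability mask ("CapPrm", "CapEff", ...) from the text of
 * /proc/<pid>/status. Returns 0 on success, -1 if missing or malformed. */
int cap_mask_from_status(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    const char *line = status;

    while (line && *line) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            const char *val = line + flen + 1;
            char *end;
            while (*val == ' ' || *val == '\t')
                val++;
            *mask = strtoull(val, &end, 16);
            return (end == val) ? -1 : 0;
        }
        line = strchr(line, '\n');   /* advance to the start of the next line */
        if (line)
            line++;
    }
    return -1;
}

/* 1 = permitted or effective capabilities are held, 0 = none,
 * -1 = cannot tell (a caller should then refuse privileged work). */
int has_extra_privileges(const char *status)
{
    uint64_t eff, prm;
    if (cap_mask_from_status(status, "CapEff", &eff) != 0 ||
        cap_mask_from_status(status, "CapPrm", &prm) != 0)
        return -1;
    return (eff | prm) != 0;
}

/* Constructed excerpts; 0x20000 is bit 17 (CAP_SYS_RAWIO), chosen as a sample. */
const char SAMPLE_PLAIN[]  = "Name:\tdemo\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";
const char SAMPLE_SETCAP[] = "Name:\tdemo\nCapPrm:\t0000000000020000\nCapEff:\t0000000000020000\n";

int main(void)
{
    printf("plain:  %d\n", has_extra_privileges(SAMPLE_PLAIN));
    printf("setcap: %d\n", has_extra_privileges(SAMPLE_SETCAP));
    return 0;
}
```

A program that sees a non-zero mask here knows it must apply its own access checks to user-supplied file names, or drop the capabilities it does not need, before opening anything on the user's behalf.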
