Daniel Pielmeier <[email protected]> wrote:

> 2013/4/29 Joerg Schilling <[email protected]>
>
> > Do you like people to be able to open security holes?
>
> Adding an option to enable/disable linkage to libcap does not hurt anybody
> it just eases maintaining the package. You can enable it by default if you
> wish.
>
> As long as it is possible to remove libcap from the system the security
> hole you are talking about is still there. The option does not change
> anything. Currently one could still compile cdrtools without libcap and
> afterwards install libcap and use setcap on cdrecord et al. which leads to
> the same problem.

OK, I could create such an option.

I just don't like people to be able to do this without knowing that there is a
potential security problem if the cdrecord binary has been assigned file caps
but cdrecord doesn't understand that it is running with enhanced privileges.

So I hope that from this discussion people here will remember the problem in
case that somebody later runs into it.

Jörg

--
EMail:[email protected] (home) Jörg Schilling D-13353 Berlin
      [email protected] (uni)
      [email protected] (work) Blog: http://schily.blogspot.com/
URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily

