> From gww at eng.sun.com Wed Jul 23 08:26:19 2008:
>
> > > 4.2. Interfaces:
> > > Exported Interfaces
> > > Interface Classification Comments
> > > --------------- ---------------
> > > -----------------------
> > > /usr/bin/cdrdao Volatile the main program
> > > /usr/bin/toc2cue Volatile convert toc file to cue file
> > > /usr/bin/toc2cddb Volatile convert toc file to cddb file
> > > /usr/share/cdrdao/drivers
> > > Volatile a Text file contains
> > > list of supported driver
>
> > > 4.7 Security Impact:
> > >
> > > None.
>
> How does this project relate to the existing cdrw(1) which is
> suid? How does this project relate to the solaris.device.cdrw
> authorization?
Perhaps I missed the discussion of the Security Impact.
The point is None is not correct for cdrw and doesn't
seem to be correct for cdrecord either.
What is the Security Impact of this project?
Does it follow cdrw's model? If so why? If not why not?
Does it follow cdrecord's model? If so why? If not why not?
Does it have a different model? If so why? If not why not?
Aside, since there seem to different historical models,
IMO the ARCs need to tell management to harmonize the models
in a future project. (This used to be steering committee advice ;-)
Gary..
