"Dmitry G. Kozhinov" <[email protected]> wrote: > >sound-juicer is started by a non-root user the process runs as root and > >writes its files as root > > If this is true, this is a huge security hole. Someone should investigate the > problem. As far as I could understand, Sound Juicer does not know root > password, however bypassing this somehow. Total crash of all UNIX ideas.
There are several similar problems in GNOME. They are a result from the fact that Linux is not security oriented when allowing to send SCSI commands to devices. This can be done as normal user on Linux for many SCSI commands. People develop on Linux and create non-portable code that is a security risk. Since sound-jouicer now cleanly calls cdda2wav in order to read AUDIO data from CD, there should no longer be a need to run sound-juicer as root. Jörg -- EMail:[email protected] (home) Jörg Schilling D-13353 Berlin [email protected] (uni) [email protected] (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily _______________________________________________ opensolaris-discuss mailing list [email protected]
