José Alburquerque wrote:
Does anyone know a way for regular users to use cdrecord for CD
writing/blanking without the need for it to setuid? Any pointers
would be greatly appreciated. Thanks!
Just thought I'd let everyone know, I think I'll just be using cdrecord
as it is. I'll keep all
David E. Fox wrote:
On Tue, 8 Aug 2006 16:55:54 -0600
"Dwayne C. Litzenberger" <[EMAIL PROTECTED]> wrote:
Also be CAREFUL. On my system, /usr/bin/cdrecord is a SHELL SCRIPT, and
SUID-root shell scripts are a big security hole, IIRC. You probably want
to set the permissions on /usr/bin/cd
On Tue, Aug 08, 2006 at 08:53:35PM -0700, David E. Fox wrote:
To the OP - you can, I suppose, chmod the /usr/bin/cdrecord to regular
non-suid (chmod 750 /usr/bin/cdrecord). I notice the permissions here
for it are -rwsr-xr-- implying that others can read the binary, but not
execute it. (2754 in #
On 08/08/2006 12:32 AM, Mike McCarty wrote:
Mumia W. wrote:
[...] Sudo is the only
alternative to making cdrecord SUID root.
And a very viable one.
Mike
But people should know that they would have to create a
special script to run cdrecord under sudo, or it would be less
safe than SUID ro
On Tue, 8 Aug 2006 16:55:54 -0600
"Dwayne C. Litzenberger" <[EMAIL PROTECTED]> wrote:
>
> Also be CAREFUL. On my system, /usr/bin/cdrecord is a SHELL SCRIPT, and
> SUID-root shell scripts are a big security hole, IIRC. You probably want
> to set the permissions on /usr/bin/cdrecord.mmap.
Good
On Tue, 08 Aug 2006 03:13:23 GMT
"s. keeling" <[EMAIL PROTECTED]> wrote:
>
> (0) heretic /home/keeling_ all `which cdrecord`
> -rwxr-xr-x 1 root root 133 2005-01-09 09:55 /usr/bin/cdrecord*
It's kernel-dependent, is it not? I mean, maybe you can do this in
2.6.8 (sarge defautl kernel) but not in
On Mon, 07 Aug 2006 13:39:43 -0600
Glenn English <[EMAIL PROTECTED]> wrote:
> I fought with this for a while and found the real problem to be permissions
> on the /dev file.
etch too here :)
As I understand the situation, whether a user is able to use the CD
device to write (reliably, that is) i
On Tue, Aug 08, 2006 at 12:32:49AM -0500, Mike McCarty wrote:
The user won't get much mileage out of it either. Sudo is the only
alternative to making cdrecord SUID root.
And a very viable one.
And it opens up a rather large security hole.
cdrecord is designed to be made suid-root; It drops
On Tue, Aug 08, 2006 at 12:49:27PM -0400, José Alburquerque wrote:
The setuid-root sollution (give only the group executable rights, make it
suid root), please note that this is a security risk - you have been
warned):
1) create a group and add users as above
2) remove world executable from cd
José Alburquerque wrote:
s. keeling wrote:
Very odd, on both of you.
(0) heretic /home/keeling_ all `which cdrecord`
-rwxr-xr-x 1 root root 133 2005-01-09 09:55 /usr/bin/cdrecord*
No SUID needed.
(0) heretic /home/keeling_ id
uid=1000(keeling) gid=1000(keeling)
groups=20(dialout),24(cdrom)
s. keeling wrote:
José Alburquerque <[EMAIL PROTECTED]>:
Thanks for your reply :-) I believe that my cdrecord has the same
permissions and everything works fine like this:
[EMAIL PROTECTED]:~$ ll `which cdrecord`
-rwsr-xr-- 1 root cdrom 133 2006-01-07 13:43 /usr/bin/cdrecord*
My problem
On 08/07/2006 03:52 PM, Mumia W. wrote:
[...] Sudo is the only
alternative to making cdrecord SUID root.
Oops. Evidently that isn't the only alternative. Others have
posted that they've run cdrecord without SUID root. Oh well,
on my kernel SUID root is required.
--
To UNSUBSCRIBE, ema
Mumia W. wrote:
I find it hard to believe that this works. I tried that too and
discovered that running cdrecord SUID root is a requirement; cdrecord
uses privileged IOCTLS (whatever they are).
IOCTL - Input/Output ConTroL
This does direct communication with the device driver. In this case,
t
On 08/07/2006 02:39 PM, Glenn English wrote:
José Alburquerque wrote:
My problem is that I'd like cdrecord not to have the SUID set (the 's'
in '-rwsr-xr--' above). I'm not sure this is possible, but if it is and
someone out there knows, I'd really appreciate it! I'm running testing
(etch)
José Alburquerque <[EMAIL PROTECTED]>:
> Matej Cepl wrote:
>
> >José Alburquerque wrote:
> >
> >>Does anyone know a way for regular users to use cdrecord for CD
> >>writing/blanking without the need for it to setuid? Any pointers would
> >>be greatly appreciated. Thanks!
> >
> >I think you need
#include
* Dwayne C. Litzenberger [Mon, Aug 07 2006, 03:16:46PM]:
> On Mon, Aug 07, 2006 at 01:39:43PM -0600, Glenn English wrote:
> >If you want to do it without the extra group, just make the burner world
> >write-able. I don't see how a cracker could get much mileage out of that...
>
> Note, h
Dwayne C. Litzenberger wrote:
On Mon, Aug 07, 2006 at 01:39:43PM -0600, Glenn English wrote:
If you want to do it without the extra group, just make the burner world
write-able. I don't see how a cracker could get much mileage out of
that...
Note, however, that if cdrecord doesn't run SUID
On Mon, Aug 07, 2006 at 01:39:43PM -0600, Glenn English wrote:
If you want to do it without the extra group, just make the burner world
write-able. I don't see how a cracker could get much mileage out of that...
Note, however, that if cdrecord doesn't run SUID root, it can't get
realtime sched
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
José Alburquerque wrote:
> My problem is that I'd like cdrecord not to have the SUID set (the 's'
> in '-rwsr-xr--' above). I'm not sure this is possible, but if it is and
> someone out there knows, I'd really appreciate it! I'm running testing
> (e
Matej Cepl wrote:
José Alburquerque wrote:
Does anyone know a way for regular users to use cdrecord for CD
writing/blanking without the need for it to setuid? Any pointers would
be greatly appreciated. Thanks!
I think you need to have at leas this:
chelcicky:~$ ll `which cdrecord`
José Alburquerque wrote:
> Does anyone know a way for regular users to use cdrecord for CD
> writing/blanking without the need for it to setuid? Any pointers would
> be greatly appreciated. Thanks!
I think you need to have at leas this:
chelcicky:~$ ll `which cdrecord`
-rwsr-xr-- 1 root cdrom 1
Does anyone know a way for regular users to use cdrecord for CD
writing/blanking without the need for it to setuid? Any pointers would
be greatly appreciated. Thanks!
Sincerely
Jose Alburquerque
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
22 matches
Mail list logo
