my bug https://launchpad.net/ubuntu/+source/gnomebaker/+bug/75330 has been made duplicated to this, so I think it makes sense to put feedback here too
After I had bug filed and wait, I have made also support request https://launchpad.net/ubuntu/+ticket/2905 and first reply gave me a URL to ubuntuforums posting where temporary workaround is suggested. It also made overall picture more or less clear. There is a conflict in understanding of security architecture between author(s) of cdrecord and Debian team member(s), which causes deadlock. Cdrecord author claims that cdrecord binaries shall have root-level access (literally in SUID- bit set on) in order to gain pereformance-related kernel features, and in his opinion it is completely safe to put SUID on. Debian team stays on opposite, i.e. one should be completely insane from security point of view to put SUID flag on "just because package author thinks so", and they refuse to put SUID bits in Debian distro. As for now, I haven't had enough time to get into issue deeper and try find real solution (it doesn't seem to be on surface IMHO). I haven't been dare to set SUID on my desktop PC, as I knew that SUID on completely unrelated binary might be used as attack vector (I was security engineer for few Debian-derived distros). So, as a bottom liner I suggest two things on this: 1) someone from Ubuntu team could get around cdrecord bugs (also all cdrecord-dependant packages bugs) and try to sort out all of them as duplicate of this (or any other from selected) bug 2) make an effort to find security-safe solution to this problem, as it might need more serious effort than just plain bugfixing - problem IS deeper, on the level of security architecturing, and tweaking here and there hardly ever helps. -- Can't burn CD-RW, CD-R etc in Gnome in Edgy Beta https://launchpad.net/bugs/63539 -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
