LFS 6 Boot CD - 2nd round

Kevin P. Fleming kpfleming at linuxfromscratch.org
Fri Sep 17 12:00:12 PDT 2004


Jeremy Utley wrote:

> The solution I would use for this one myself is to create a burner 
> group, add any users who need to be able to burn CDs to that group.  
> Then make the cdrecord binary SUID root, and only executable by that 
> group.  Minor security problem, but sidesteps the problem rather nicely.

Yes, this is a reasonable solution. However, the problem is not audio CD 
specific, as I remember. The "audio CD specific" problem that's been 
discussed is actually a memory leak that has been fixed as well. The 
security issue affects all SCSI commands used to control CD burners, 
regardless of the format of the data being sent.

At least that's my understanding from reading the code; I haven't 
actually tried to burn a CD on my Linux system in a while so I haven't 
seen this problem occur myself.


