LFS 6 Boot CD - 2nd round
Kevin P. Fleming
kpfleming at linuxfromscratch.org
Fri Sep 17 12:00:12 PDT 2004
Jeremy Utley wrote:
> The solution I would use for this one myself is to create a burner
> group, add any users who need to be able to burn CDs to that group.
> Then make the cdrecord binary SUID root, and only executable by that
> group. Minor security problem, but sidesteps the problem rather nicely.

Yes, this is a reasonable solution. However, the problem is not audio CD
specific, as I remember. The "audio CD specific" problem that's been
discussed is actually a memory leak that has been fixed as well. The
security issue affects all SCSI commands used to control CD burners,
regardless of the format of the data being sent.

At least that's my understanding from reading the code; I haven't
actually tried to burn a CD on my Linux system in a while so I haven't
seen this problem occur myself.