LFS 6 Boot CD - 2nd round

Jeremy Utley jeremy at jutley.org
Fri Sep 17 12:04:28 PDT 2004


Kevin P. Fleming wrote:

> Jeremy Utley wrote:
>
>> The solution I would use for this one myself is to create a burner 
>> group, add any users who need to be able to burn CD's to that group.  
>> Then make the cdrecord binary SUID root, and only executable by that 
>> group.  Minor security problem, but sidesteps the problem rather nicely.
>
>
> Yes, this is a reasonable solution. However, the problem is not audio 
> CD specific, as I remember. The "audio CD specific" problem that's 
> been discussed is actually a memory leak that has been fixed as well. 
> The security issue affects all SCSI commands used to control CD 
> burners, regardless of the format of the data being sent.
>
> At least that's my understanding from reading the code; I haven't 
> actually tried to burn a CD on my Linux system in a while so I haven't 
> seen this problem occur myself.

Then we must be talking about 2 completely different issues.  The only 
one I remember hearing about was the memory leak.  I know on my 
2.6.8.1-ck* systems, I can still burn iso's as a regular user without 
difficulty, as long as that user has write privledges to the devices. 

Trying to get schily to do anything with cdrecord for linux will be like 
pulling teeth - he doesn't like supporting linux anyway, from some of 
the stuff he writes.

-J-




More information about the lfs-dev mailing list