LFS 6 Boot CD - 2nd round
jeremy at jutley.org
Fri Sep 17 12:04:28 PDT 2004
Kevin P. Fleming wrote:
> Jeremy Utley wrote:
>> The solution I would use for this one myself is to create a burner
>> group, add any users who need to be able to burn CD's to that group.
>> Then make the cdrecord binary SUID root, and only executable by that
>> group. Minor security problem, but sidesteps the problem rather nicely.
> Yes, this is a reasonable solution. However, the problem is not audio
> CD specific, as I remember. The "audio CD specific" problem that's
> been discussed is actually a memory leak that has been fixed as well.
> The security issue affects all SCSI commands used to control CD
> burners, regardless of the format of the data being sent.
> At least that's my understanding from reading the code; I haven't
> actually tried to burn a CD on my Linux system in a while so I haven't
> seen this problem occur myself.
Then we must be talking about 2 completely different issues. The only
one I remember hearing about was the memory leak. I know on my
220.127.116.11-ck* systems, I can still burn iso's as a regular user without
difficulty, as long as that user has write privledges to the devices.
Trying to get schily to do anything with cdrecord for linux will be like
pulling teeth - he doesn't like supporting linux anyway, from some of
the stuff he writes.
More information about the lfs-dev