Lastest Kernel update breaks k3b
Sean Middleditch
elanthis at awesomeplay.com
Fri Aug 20 17:02:35 UTC 2004
On Fri, 2004-08-20 at 12:57 -0400, Jeremy Katz wrote:
> On Fri, 2004-08-20 at 12:47 -0400, Sean Middleditch wrote:
> > k3b uses the cdrecord command line tool to do its work, iirc. You don't
> > need to run k3b as root, just make cdrecord setuid. Which is exactly
> > how the cdrecord author has always told people to use it. If you want
> > to limit who can use cdrecord, change it's group and remove execute
> > permissions for 'others'. Then only people in the group (or root) can
> > execute cdrecord, and because its setuid root, it'll always work.
>
> ...
>
> which is a bad idea as I can now burn anything on the filesystem. Want
> a copy of /etc/shadow to start cracking those passwords? Now you can
> get one :)
Point. You can then just set the RAWIO capability. I don't know if the
filesystems these days allow setting those; a setuid wrapper that drops
privileges but executes the real cdrecord with the necessary capability
should work, no?
>
> Jeremy
>
>
--
Sean Middleditch <elanthis at awesomeplay.com>
AwesomePlay Productions, Inc.
More information about the fedora-devel-list
mailing list