SUID to cdrecord and cdrdao

Leszek Matok Lam at Lam.pl
Tue May 22 21:07:45 UTC 2007


On 22-05-2007, Tue, at 22:45 +0200, Krzysztof Halasa wrote:
> Suid and especially root suid is a sensitive thing, you don't chmod
> random files suid root and you don't let random users' random programs
> talk directly to the hardware (which is exactly what cdrecord does).
First of all, cdrecord manages to write to many burners without root
privileges, which means that I do allow it to talk directly to hardware,
only there are some SCSI commands that are considered unsafe. That's why
they require uid 0. My burner requires usage of such commands to
actually burn CDs, so I pick one (non-random!) program that I know
doesn't screw up my hard drives and give it the privileges. That's
nothing unusual.

Now, there was a bug in cdrecord that allowed any script kiddie to run
any command with root privileges, I know. But on my home PC I don't even
care if it's still there (it isn't, I assure you) and on my servers I
don't even have cdrecord installed (not to mention the good practice of
find / -perm -4000).

Besides, nowadays, we have SELinux, remember? It's the tricky thing that
makes your exploit useless if cdrecord isn't allowed to exec() things.

So it can be done safely if we make it that way and SUID is really needed
for some burners (at least for now). I'm not only not afraid, but
eagerly waiting for it.

Lam
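
The `find / -perm -4000` check mentioned in the message, extended into an allowlist audit. This is an added example, not part of the original post; the function names, the allowlist format (one absolute path per line) and the scratch-directory fixture are assumptions.

```shell
#!/bin/sh
# Added example: report setuid files that are not on an approved list.

# Print every setuid regular file under $1 that is not listed (one full path
# per line) in the allowlist file $2. Paths containing newlines are not handled.
suid_unapproved() {
    root=$1
    allowlist=$2
    # -xdev: stay on one filesystem; -perm -4000: setuid bit set
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r path; do
        # -x whole-line, -F fixed string: no regex or prefix matches
        grep -qxF -e "$path" "$allowlist" || printf '%s\n' "$path"
    done
}

# Exit status for cron or CI: 0 if every setuid file is approved, 1 otherwise.
suid_audit() {
    extra=$(suid_unapproved "$1" "$2")
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra" | sed 's/^/unapproved setuid file: /' >&2
    return 1
}

# Constructed fixture: a scratch tree owned by the caller stands in for /.
# cdrecord is approved, cdrdao is setuid but not approved, ls is not setuid.
suid_demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/bin"
    for f in cdrecord cdrdao ls; do : > "$tmp/bin/$f"; done
    chmod 4755 "$tmp/bin/cdrecord" "$tmp/bin/cdrdao"
    chmod 0755 "$tmp/bin/ls"
    printf '%s\n' "$tmp/bin/cdrecord" > "$tmp/allow"
    # Strip the scratch prefix so the output reads like real paths
    suid_unapproved "$tmp" "$tmp/allow" | sed "s|^$tmp||"
    rm -rf "$tmp"
}

suid_demo
```

On a real host the call would be `suid_audit / /etc/suid.allow`, where the allowlist path is a placeholder.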