cdrecord permission problems
Bill Davidsen
davidsen at tmr.com
Mon Jul 7 22:14:38 UTC 2008
Alan Cox wrote:
>> The reason setuid is needed is to allow use of vendor commands, and the
>> command filter in the kernel doesn't allow some as non-root. Certain
>> people in the kernel community refuse to add these commands, the author
>
> Actually that's untrue. We've added commands where it is safe to do so and
> we've also repeatedly said to people who wanted to customise the command
> list "send patches". Nobody has.
>
What patches? Below you reject the idea of specifying processes I trust
to write individual devices, any patch to add commands to the allowed
commands table in a running system could hardly be safer, and the table
applies to all processes and CD devices, while I propose matching g+rw
on the device with eGID of the process at open and setting some "trust"
flag. That allows me to trust only a single device to a single process.
>> The right answer would be to have the kernel provide a way such as group
>> id, so I could identify devices and programs I trust with each other.
>
> That doesn't work. If you give a process access to a CD it can change the
> firmware which means next reboot it controls the system. Thus the only
> logical thing you can give it is pretty much "all powers"
Anyone who puts anything ahead of the disk in the boot sequence is
asking to leave a media in a drive at next boot. Stupidity, like virtue,
is its own reward.
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot