setuid cdrecord vs. wodim
Bill Davidsen
davidsen at tmr.com
Mon May 26 15:26:50 UTC 2008
Michael Schwendt wrote:
> On Fri, 23 May 2008 22:44:17 -0400, Bill Davidsen wrote:
>
>> Michael Schwendt wrote:
>>> On Tue, 20 May 2008 17:33:24 +0200, Valent Turkovic wrote:
>>>
>>>> Hi,
>>>> this guide is the best guide for Fedora 9!
>>>>
>>>> http://fedoraguide.info/index.php/Main_Page
>>>> http://digg.com/linux_unix/Best_guide_for_Fedora_9_ever
>>>>
>>>> How to setup MP3 and Video codecs, ATI and Nvidia drivers,
>>>> CompizFusion, etc... you need it they got it :)
>>>>
>>>> Probably most of your question about Fedora 9 are answered there and
>>>> the solutions are simple.
>>> Whoever added the setuid cdrecord stuff for k3b, please delete that
>>> or at least give the rationale for making the tools +s. k3b's warning
>>> can't be the only reason.
>>>
>> Just a clarification, I cdrecord is not installed on FC9 at all, rather
>> there is a program called "wodim" which is linked to cdrecord. Wodim is
>> a modified version of an old version of cdrecord, not the current
>> program from the original author.
>>
>> By any name the kernel filters commands send to the burner which
>> prevents certain commands from being sent unless you are root,
>> particularly commands specific to a particular vendor.
>
> So, in other words, Fedora does not work out of the box with such
> hardware?
>
> This is an important question, because one argument against Linux
> is the number of things to fiddle with [at the command-line] before
> a setup becomes usable. (Lots of howtos suggest changing ownership and
> permissions of device files, for example.)
>
> If setuid here is a requirement, why is it disabled in the Fedora
> package? If memory serves correctly, the cdrecord code drops
> privileges after setting up stuff. Is setuid needed or not?
>
I believe the correct answer is "sometimes" and see below why.
> The wodim man page says:
>
> Root permissions are usualy required to get higher process scheduling
> priority.
>
> That was claimed as unnecessary a couple of times before.
>
I regard it as unnecessary on a typical system, required on a system
with high load. Use of a larger than default fifo and burnfree has been
enough to handle scheduling issues for me, even on a humble Celeron with
high load.
> In order to be able to use the SCSI transport subsystem of the OS, run
> at highest priority and lock itself into core wodim either needs to be
> run as root, needs to be installed suid root or must be called via
> RBACs pfexec mechanism.
>
Without a lot of checking of source code, I can only say that either
wodim is not using all of the commands used by cdrecord OR the kernel
has been modified to accept the command which the Linus kernel blocks. I
don't know the answer. The priority and locking in core don't seem to be
needed for typical CPU and memory loads.
However, (a) wodim is based on a older version of cdrecord, and (b)
cdrecord has had some critical updates for D/L DVD and for BlueRay media
in the last month or so. I would expect the original tree of cdrecord to
require setuid and to work better with some hardware. Wodim works with
almost all CD and single layer DVD applications.
I also use growisofs (better user interface to multi-session), and
cdrskin (another OK license).
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
More information about the fedora-list
mailing list