setuid cdrecord vs. wodim (was: Re: Best guide for Fedora 9 ever !)

Michael Schwendt mschwendt at gmail.com
Sat May 24 09:21:55 UTC 2008


On Fri, 23 May 2008 22:44:17 -0400, Bill Davidsen wrote:

> Michael Schwendt wrote:
> > On Tue, 20 May 2008 17:33:24 +0200, Valent Turkovic wrote:
> > 
> >> Hi,
> >> this guide is the best guide for Fedora 9!
> >>
> >> http://fedoraguide.info/index.php/Main_Page
> >> http://digg.com/linux_unix/Best_guide_for_Fedora_9_ever
> >>
> >> How to setup MP3 and Video codecs, ATI and Nvidia drivers,
> >> CompizFusion, etc... you need it they got it :)
> >>
> >> Probably most of your question about Fedora 9 are answered there and
> >> the solutions are simple.
> > 
> > Whoever added the setuid cdrecord stuff for k3b, please delete that
> > or at least give the rationale for making the tools +s. k3b's warning
> > can't be the only reason.
> > 
> Just a clarification, I cdrecord is not installed on FC9 at all, rather 
> there is a program called "wodim" which is linked to cdrecord. Wodim is 
> a modified version of an old version of cdrecord, not the current 
> program from the original author.
> 
> By any name the kernel filters commands send to the burner which 
> prevents certain commands from being sent unless you are root, 
> particularly commands specific to a particular vendor.

So, in other words, Fedora does not work out of the box with such
hardware?

This is an important question, because one argument against Linux
is the number of things to fiddle with [at the command-line] before
a setup becomes usable. (Lots of howtos suggest changing ownership and
permissions of device files, for example.)

If setuid here is a requirement, why is it disabled in the Fedora
package? If memory serves correctly, the cdrecord code drops
privileges after setting up stuff. Is setuid needed or not?

The wodim man page says:

    Root  permissions  are usualy required to get higher process scheduling
    priority.

That was claimed as unnecessary a couple of times before.

    In order to be able to use the SCSI transport subsystem of the OS,  run
    at  highest priority and lock itself into core wodim either needs to be
    run as root, needs to be installed suid root  or  must  be  called  via
    RBACs pfexec mechanism.

-- 
Fedora release 9.90 (Rawhide) - Linux 2.6.26-0.17.rc3.fc10.i686
loadavg: 1.86 2.02 1.76




More information about the fedora-list mailing list