suid cdrecord and 2.6.9/2.6.10
Nifty Hat Mitch
mitch48 at sbcglobal.net
Tue Jan 18 21:00:07 UTC 2005
On Tue, Jan 18, 2005 at 05:41:07PM -0200, Juliano Ravasi Ferraz wrote:
> Nifty Hat Mitch wrote:
> > For the short term try running it with sudo and not setting it SUID.
> > Sudo gives you some control over who can run it. SUID opens it wide.
>
> Dunno... A well written suid application is much more secure than the
> same application with sudo.
True, but in this case it was not designed to run SUID.
sudo lets you specify specific accounts that you trust
to run it. SUID lets anyone run it.
> > It is possible (under properties for the icon) in many cases to add
> > sudo to the command for the point and click iconic folks out there.
>
> Icon? There is no icon for cdrecord... cdrecord is backend... If you
> mean K3b or whatever, it is not a good idea to run it sudo for the same
> reason above, and K3b itself only knows about `cdrecord´... not `sudo
> cdrecord´. I would have at least to write an intermediate script.
Like I said sudo is sometimes better than SUID.
I did the sudo thing X-cdroast iconic launcher to limit my pain
when low level hardware access was locked out in the kernel for
all but root.
The critical decision for me was one and only one change
to make now and undo later and not a system wide change
for all user accounts.
--
T o m M i t c h e l l
spam unwanted email.
SPAM, good eats, and a trademark of Hormel Foods.
More information about the users
mailing list