Re: Bug#71237: cdparanoia: cannot use cdparanoia 'out of the box' as a non-root user.
On Tue, 12 Sep 2000, Dale E. Martin wrote:
> > The problem I have here is that the 'appropriate device' is not guarenteed
> > to stay constant with respect to the SCSI bus and ID, the way IDE devices
> > are for example. On my system (I believe this is actually the default)
> > scd devices are group audio, perm 0660, and my cdripper account is in the
> > audio group.
> >
> > Currently, I have two hard drives and two cdrom drives in this machine.
> > The hard drives are at IDs 0 and 1, and the cdrom drives are at IDs 5 and
> > 6.
> >
> > ID: generic:
> > 0 sg0
> > 1 sg1
> > 5 sg2
> > 6 sg3
> >
> > Now I want to connect an external hard drive to my machine, so I have more
> > storage space for my music collection. I set this drive to ID 3.
> >
> > ID: generic:
> > 0 sg0
> > 1 sg1
> > 3 sg2
> > 5 sg3
> > 6 sg4
> >
> > Notice that now my external hard drive has access by audio group through
> > the generic device, and my second cdrom drive is no longer accessable by
> > the audio group.
> >
> > Basically, cdparanoia and the installer scripts cannot depend on a fixed
> > mapping between the scd device and the sg device.
>
> I think that's even more of an argument for not having automated lookups
> occuring. I.e. you want to know what you're doing to be accessing raw
> SCSI devices. That's simply my opinion of course...
>
> I can see how you arrived at the solution that you did now though. So
> far, you're the only person that's sent me email advocating SUID root.
> Would documenting that as a solution, and describing how to do it in
> Readme.Debian, along with the other approaches/problems be sufficient in
> your opinion?
>
> > On the other hand, I believe this will be a moot point under devfs.
>
> I brought this up once on debian devel. A lot of people are very
> anti-devfs. I still haven't ever played with it and have no opinion of
> my own on it.
I haven't played with or looked at devfs yet either, but what I have heard
indicates that device naming (outside the /dev/ compatibility entries)
should be closer in style to Solaris device naming, in particular where
bus-based devices are named with the bus # and ID #.
Anyway, I would suggest that, if cdparanoia is set suid root, it do
whatever device consistancy checking it does, open the particular generic
device it needs, then drop suid privelages.
The administrator should be asked if cdparanoia should be installed suid
root, with the default to be NO.
debconf could ask something like the following:
cdparanoia is by default not installed SUID root. This is normally
a good thing, because a bug in the cdparanoia executable or the
kernel SCSI system could conceivably lead to cdparanoia accessing
a non-cdrom device and potentially causing data corruption.
However, if you wish to allow normal users access to extract audio
using SCSI cdrom drives, then you should install cdparanoia SUID
root. If you do not have any SCSI cdrom drives you should answer
NO here.
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: