
Re: cdrecord without SUID



On Tue, Aug 08, 2006 at 12:32:49AM -0500, Mike McCarty wrote:
The user won't get much mileage out of it either. Sudo is the only alternative to making cdrecord SUID root.

And a very viable one.

And it opens up a rather large security hole.

cdrecord is designed to be made suid-root; it drops root privileges once it acquires the resources it needs. If you instead use sudo, then cdrecord won't drop its root privileges, allowing anyone who can run cdrecord via sudo to burn sensitive files to a CD (e.g. /etc/shadow, /etc/ssl/private/server.key, /root/.ssh/id_rsa, /proc/kcore, etc.), and possibly do other nasty things. (What does cdrecord do if you pass it something like "dev=/dev/hda", where /dev/hda is a hard drive?)

It also won't work properly if you're trying to burn files from an NFSv4 filesystem, unless root has authenticated as the same user as yourself.

It might be possible to safely put *specific* cdrecord commands into /etc/sudoers (such as a command to burn directly from stdin to a specific drive), but in general it's not a good idea.

--
Dwayne C. Litzenberger <dlitz@dlitz.net>
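
The privilege drop described in the message above, as an added example that is not part of the original post and is not cdrecord's own code. It assumes the common setuid-root pattern of switching every uid to the real uid, which is the invoking user when the binary is setuid-root but 0 when the program is started through sudo; the function and enum names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_FAILED = -1, DROPPED = 0, STILL_ROOT = 1 };

/* Assumed pattern (not taken from cdrecord): once the privileged
 * resources are open, give up root for good by setting all ids to
 * the *real* ids of the process. */
enum drop_result drop_to_real_uid(void)
{
    /* setuid-root binary run by a user: real uid = that user.
     * Same binary run via sudo:         real uid = 0. */
    uid_t real = getuid();

    /* Group first: after setuid() we may no longer be allowed to. */
    if (setgid(getgid()) != 0 || setuid(real) != 0)
        return DROP_FAILED;

    /* Verify instead of trusting the return codes: if we are still
     * root, or can become root again, nothing was dropped. */
    if (geteuid() == 0 || setuid(0) == 0)
        return STILL_ROOT;

    return DROPPED;
}

int main(void)
{
    printf("before: ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());

    switch (drop_to_real_uid()) {
    case DROPPED:
        printf("after:  ruid=%d euid=%d, root given up\n",
               (int)getuid(), (int)geteuid());
        return 0;
    case STILL_ROOT:
        /* The sudo case: every later open() still runs as root, so a
         * careful program stops here rather than reading user paths. */
        fprintf(stderr, "real uid is 0, privilege drop had no effect\n");
        return 1;
    default:
        perror("privilege drop failed");
        return 2;
    }
}
```

Run as an ordinary user (or installed setuid-root and run by one) it reports that root was given up; run as root, which is what sudo produces, it exits with status 1.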


