Re: cdrtools-2.01a22 ready
> >Can you be more specific about the bugs please? Or does that "contain
> >bugs" simply refer to that they're not the latest alpha version?
>
> Patches that don't follow the conceptional design of complex data structures
> easily break functions that the author of the patch is not aware of.
In the past so many years cdrecord has always worked for me, but I
haven't tried their latest version.
> >What "security holes" are you talking about?
> I tought that I did already mention it.
Not on this list in the months I've been subscribed to it, but thanks
for clarifying.
> SuSE implements a "device manager" deamon that opens device nodes for other
> programs. This daemon is less secure than cdrecord/libscg as libscg
> does far more than a simple string compare/pattern matching on the device node
> name.
Your alternative requires cdrecord to be SUID root, which from my point
of view (not knowing the details about either) isn't any safer than
resmgr (programmed by a professional + paid security person). IMHO it
isn't worth kicking up a security scare about, especially when that
scare is accompanied by a complete nought of facts.
Volker
--
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.
Reply to: