
Re: cdrtools-2.01a22 ready



> >Can you be more specific about the bugs please? Or does that "contain
> >bugs" simply refer to that they're not the latest alpha version?
> 
> Patches that don't follow the conceptional design of complex data structures
> easily break functions that the author of the patch is not aware of.

In the past so many years cdrecord has always worked for me, but I
haven't tried their latest version.

> >What "security holes" are you talking about?

> I thought that I did already mention it.

Not on this list in the months I've been subscribed to it, but thanks
for clarifying.

> SuSE implements a "device manager" daemon that opens device nodes for other
> programs. This daemon is less secure than cdrecord/libscg as libscg 
> does far more than a simple string compare/pattern matching on the device node
> name.

Your alternative requires cdrecord to be SUID root, which from my point
of view (not knowing the details about either) isn't any safer than
resmgr (programmed by a professional + paid security person). IMHO it
isn't worth kicking up a security scare about, especially when that
scare is accompanied by a complete nought of facts.

Volker

-- 
Volker Kuhlmann			is possibly list0570 with the domain in header
http://volker.dnsalias.net/		Please do not CC list postings to me.


