Re: Access rights with growisofs
On Tue, Jul 13, 2004 at 09:18:53AM +0200, scdbackup@gmx.net wrote:
> > > However, Andy wrote in his man page for growisofs in
> > > dvd+rw-tools-5.19.4.9.7 that
> > > "If executed under sudo(8) growisofs refuses to start."
> > > ...
> > > And there is the answer to my question. Andy is rightly concerned
> > > that running growisofs under sudo allows any user with sudo privilege
> > > read access to any file in the file system, as well as the right to
> > > execute program of their choice with elevated privileges.
> >
> > IMHO, this is a dumb argument. Whether or not sudo is properly
> > understood, configured or used is not growisofs's problem.
>
> If i get both, Andy and Joerg, right, then they are concerned
> about the fact that you cannot configure sudo properly enough
> to close all potential security holes within their programs
> (e.g. environment variables which may cause arbitrary programs to
> get started with the privileges granted by sudo).
Lots of programs read/write/exec* files based on the environment.
mkisofs is not so special.
> Both clearly advise to use setuid rather than sudo.
There is a very big difference between suggesting in documentation and
breaking in code.
--
<jakemsr@jakemsr.com>
Reply to: