[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Access rights with growisofs



On Tue, Jul 13, 2004 at 09:18:53AM +0200, scdbackup@gmx.net wrote:
> > > However, Andy wrote in his man page for growisofs in
> > > dvd+rw-tools-5.19.4.9.7 that 
> > > "If executed under sudo(8) growisofs refuses to start."
> > > ...
> > > And there is the answer to my question.  Andy is rightly concerned
> > > that running growisofs under sudo allows any user with sudo privilege
> > > read access to any file in the file system, as well as the right to
> > > execute program of their choice with elevated privileges.
> > 
> > IMHO, this is a dumb argument.  Whether or not sudo is properly
> > understood, configured or used is not growisofs's problem.
> 
> If i get both, Andy and Joerg, right, then they are concerned
> about the fact that you cannot configure sudo properly enough
> to close all potential security holes within their programs 
> (e.g. environment variables which may cause arbitrary programs to
> get started with the privileges granted by sudo).

Lots of programs read/write/exec* files based on the environment.
mkisofs is not so special.

> Both clearly advise to use setuid rather than sudo.

There is a very big difference between suggesting in documentation and
breaking in code.

-- 
<jakemsr@jakemsr.com>



Reply to: