
Re: cdrtools-2.01a37 ready



On Fri, Aug 20, 2004 at 03:49:28PM +0200, Joerg Schilling wrote:

> How do you believe that you may run cdrecord without root privs without
> compromising the security of the whole system?

On OpenBSD, members of the operator group are allowed to reboot the
system, change tapes ... normal things that someone trusted to operate
the system would be allowed to do.  Letting them write to CD/DVD is
very low on the scale of bad things they could already do, like boot
into single user mode and mess with all kinds of stuff, and so does
not further compromise the security of the system.  There is virtually
no way anyone could escalate their privileges by simply allowing them
to write to a CD device.

On Linux I have a cdwrite group that is allowed to write to the CD
device, and I add users who I trust with that privilege to that group.

But having suid binaries gives _anyone_ the possibility of escalating
to root.  This has already happened to the very software we are
talking about.

Using the suid bit takes away all the fine grained "access control".

Security is based on trust.  I don't have time to read all the code
for every program on my system, so since I don't know it, I don't
trust it.  I do know the people who are going to be writing to the
CD device, and I trust my judgement of their intentions.

-- 
<jakemsr@jakemsr.com>
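An added example, not part of the original mail, that checks a Linux host for the two access models the reply contrasts: a setuid cdrecord binary versus a device node writable only by root and a trusted group. The binary path, device path and group name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the mail: audit the access model the reply
# prefers (no setuid cdrecord; device writable only by root and a
# trusted group). Binary/device paths and the group name are assumptions.

# is_setuid FILE: succeeds if FILE carries the setuid bit, the model the
# reply argues against, since any bug in such a binary runs as root.
is_setuid() {
    [ -u "$1" ]
}

# device_group_policy_ok NODE GROUP: succeeds if NODE belongs to GROUP
# (name or numeric gid), grants nothing to "other", and carries no
# setuid/setgid bit. Assumes a stat that supports -c (GNU or busybox):
# %g = gid, %G = group name, %a = octal mode.
device_group_policy_ok() {
    node=$1; group=$2
    [ -e "$node" ] || return 1
    owner_group=$(stat -c '%g %G' "$node") || return 1
    mode=$(stat -c %a "$node") || return 1
    case " $owner_group " in
        *" $group "*) ;;
        *) return 1 ;;
    esac
    case "$mode" in
        *0) ;;                        # "other" digit must be 0
        *) return 1 ;;
    esac
    case "$mode" in
        4???|2???|6???) return 1 ;;   # setuid, setgid, or both
    esac
    return 0
}

# audit_cd_access BINARY NODE GROUP: print findings, return their count.
audit_cd_access() {
    violations=0
    if is_setuid "$1"; then
        echo "FAIL: $1 is setuid; prefer a group-writable device instead"
        violations=$((violations + 1))
    else
        echo "ok:   $1 is not setuid"
    fi
    if device_group_policy_ok "$2" "$3"; then
        echo "ok:   $2 is restricted to root and group $3"
    else
        echo "FAIL: $2 is not limited to group $3 (or has extra mode bits)"
        violations=$((violations + 1))
    fi
    return "$violations"
}

# Example invocation on a Linux host (all three values assumed):
#   audit_cd_access /usr/bin/cdrecord /dev/sr0 cdwrite
```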


