Re: Access rights with growisofs

To: CDWrite List <cdwrite@other.debian.org>
Subject: Re: Access rights with growisofs
From: Nick Urbanik <nicku@vtc.edu.hk>
Date: Tue, 13 Jul 2004 14:06:06 +0800
Message-id: <[🔎] 20040713060606.GA30012@vtc.edu.hk>
Mail-followup-to: CDWrite List <cdwrite@other.debian.org>
In-reply-to: <[🔎] 20040712232102.GA15561@funk.gsky.dom>
References: <[🔎] 20040712082708.GA29243@vtc.edu.hk> <[🔎] 40F29EDA.5090306@3times25.net> <[🔎] 20040712214421.GA8864@vtc.edu.hk> <[🔎] 20040712232102.GA15561@funk.gsky.dom>

On Mon, Jul 12, 2004 at 04:20:40PM -0701, Jacob Meuser wrote:
> On Tue, Jul 13, 2004 at 05:44:21AM +0800, Nick Urbanik wrote:
> 
> > I agree that sudo is useful; I wrote this intro to sudo for my
> > students: http://ictlab.tyict.vtc.edu.hk/ossi/lab/sudo/sudo.pdf which
> > includes a picture of a chainsaw, under which I wrote, "Doing
> > everything as root is like cutting bread with a chainsaw."
> > 
> > However, Andy wrote in his man page for growisofs in
> > dvd+rw-tools-5.19.4.9.7 that 
> > "If executed under sudo(8) growisofs refuses to start."
> > ...
> > #!/bin/ksh
> > unset SUDO_COMMAND
> > export MKISOFS=/path/to/trusted/mkisofs
> > exec growisofs "$@"
> > 
> > And there is the answer to my question.  Andy is rightly concerned
> > that running growisofs under sudo allows any user with sudo privilege
> > read access to any file in the file system, as well as the right to
> > execute program of their choice with elevated privileges.
> 
> This is just like the situation with more(1) or less(1).
> 
> IMHO, this is a dumb argument.  Whether or not sudo is properly
> understood, configured or used is not growisofs's problem.

Hmm, I'm beginning to think so too.  

Here is the output from mondoarchive:
[Main] libmondo-fork.c->eval_call_to_make_ISO#237: Calling open_evalcall_form()
[Main] libmondo-fork.c->eval_call_to_make_ISO#268: command = 'growisofs -J -no-e[Main] libmondo-fork.c->run_external_binary_with_percentage_indicator_NEW#893: c[Main] libmondo-fork.c->run_prog_in_bkgd_then_exit#852: sz_command = 'growisofs
:-( growisofs is being executed under sudo, aborting!
See NOTES paragraph in growisofs manual page for further details.
[Main] libmondo-fork.c->run_prog_in_bkgd_then_exit#855: child res = 141
Ejecting media.
Dagnabbit. It still failed.
                          Failed to burn DVD #1. Retry?

So it seems I need to make that little wrapper, name it growisofs,
rename the original growisofs, so that I can continue with using
mondo.  Yes, I think it's probably better to let people learn how to
use sudo themselves rather than teach them what to do from another
program.
-- 
Nick Urbanik   RHCE                               nicku(at)vtc.edu.hk
Proud member of the Dept. of Information & Communications Technology,
Home of Visual Paradigm: Jolt Productivity Award winner, programmed
by our own graduates!      Tel: (852) 2436 8576  Fax: (852) 2436 8526
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24   ID: BB9D2C24

Attachment: pgpGkSJjbxLNt.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Access rights with growisofs
  - From: Andy Polyakov <appro@fy.chalmers.se>

References:
- Access rights with growisofs
  - From: Nick Urbanik <nicku@vtc.edu.hk>
- Re: Access rights with growisofs
  - From: Geoffrey <esoteric@3times25.net>
- Re: Access rights with growisofs
  - From: Nick Urbanik <nicku@vtc.edu.hk>
- Re: Access rights with growisofs
  - From: Jacob Meuser <jakemsr@jakemsr.com>

Prev by Date: Re: Access rights with growisofs
Next by Date: Re: Access rights with growisofs
Previous by thread: Re: Access rights with growisofs
Next by thread: Re: Access rights with growisofs
Index(es):
- Date
- Thread