sudo growisofs ... /etc/shadow env MKISOFS=/tmp/evil.script sudo growisofs ... is enough reason for vast majority of users. A.How about I create a non superuser "burn" that is allowed to burn through permissions on the block device and then use:
Well, who makes sure that input data readable for non-superuser "burn"? Is it acceptable that account in question can be used for virtually any purpose through env MKISOFS=/tmp/evil.script ...? I bet not, and then we just come back to the workaround suggested in man-page. And once again, if you disagree just compile with 'make WARN=-DI_KNOW_ALL_ABOUT_SUDO' and make your own rules. A.