Re: Bug#71237: cdparanoia: cannot use cdparanoia 'out of the box' as a non-root user.
Quoting "Dale E. Martin" <dmartin@clifton-labs.com>:
> > As relaxing permissions in general on /dev/sg* would create more of a
> > potential security risk for SCSI-based systems, and there is no
> > constant mapping between [/dev/scd*] and [/dev/sg*], cdparanoia should
> > be made suid root and should drop root privelages after determining
> > which /dev/sg* device to use and opening said device. Such checking
> > should also be made after a permission check of the /dev/scd* device.
>
> I'm not sure I agree with your solution.
Neither do I... In no way should mapping or device modes be available
to ordinary users.
I actually happened to me once, when I wasn't paying enough attention,
that I managed to map sga to sda, which you can imagine isn't good :)
If you are root, your problem, your disk, your process. But if I make that
mistake (setting the modes wrong) as root and another user try to use
cdparanoia (or whatever) and messes the hard disk up, then who's fault
is it (really)? And does it really matter? The disk/content is gone...
The modes and execution as cdparanoia/cdwrite/whatever SHOULD be done as
root, manually, after CAREFULLY read and understood any cdwriting HOWTO.
That way no special user (or the Debian maintainer) can be blamed for
errors/problems that can arise from automatic generation of any modes...
--
kibo explosion security nuclear genetic Ft. Meade Iran Panama Cuba
cracking North Korea Ft. Bragg nitrate president NORAD
[See http://www.aclu.org/echelonwatch/index.html for more about this]
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: