[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#116139: marked as done (xmcd: xmcd works for root, not for non-root)

Your message dated Mon, 29 Dec 2008 11:48:43 +0000
with message-id <4958B91B.4060001@wormwood666.demon.co.uk>
and subject line Done: xmcd: xmcd works for root, not for non-root
has caused the Debian Bug report #116139,
regarding xmcd: xmcd works for root, not for non-root
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

116139: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=116139
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: xmcd
Version: 2.6-8
Severity: important

xmcd works perfectly for the root user, not at all for the non-root users.

basically, as non-root, it doesn't even detect the disk.  gleaned from debug
mode as non-root:

   Setting uid to 1000, gid to 1000
   Lock file: /tmp/.cdaudio/lock.1640
   Open: /dev/cdrom
   Cannot open /dev/cdrom: errno=13
   Open of /dev/cdrom failed

i tried making /usr/bin/xmcd setuid root, with no success.  then it occured
to me that it *should've* worked.  looking at /usr/bin/xmcd, it turns out to
be a bash script and linux doesn't honor setuid on bash scripts.   turns out 
the real exe is located at /usr/lib/xmcd/xmcd.

i made that setuid root, and now xmcd works for non-root.

this is semi-nonsense because nobody should be using xmcd as non-root, so
this default behavior makes no sense.  at the very least, the deb install
script should ask the user if xmcd should be installed as setuid root.  a
number of debian packages do this.

xmcd installation should give the option of creating the execuatable as
setuid root along with the standard disclaimer of the "dangers" of doing
such a thing.  but it should also say "the alternative is that you can only
play cd's as root,  and that's not exactly safe either".

has nobody reported this?   am i the only one having this problem?


-- System Information
Debian Release: testing/unstable
Kernel Version: Linux satan 2.4.10 #1 SMP Fri Oct 5 10:42:51 PDT 2001 i686 unknown

Versions of the packages xmcd depends on:
ii  cddb           2.6-8          CD DataBase support tools
ii  lesstif1       0.93.0-1       OSF/Motif implementation released under LGPL
ii  libc6          2.2.4-3        GNU C Library: Shared libraries and Timezone
ii  libncurses5    5.2.20010318-3 Shared libraries for terminal handling
ii  xlibs          4.1.0-7        X Window System client libraries
ii  zlib1g         1.1.3-15       compression library - runtime

--- End Message ---
--- Begin Message ---
Package: xmcd
Version: 2.6-21

--- Please enter the report below this line. ---

This box seems to have had its root not in a fault with xmcd, but due to the
bug reporter not having the cdrom group own the cdrom device.

Attachment: signature.asc
Description: OpenPGP digital signature

--- End Message ---

Reply to: