
Re: cdrdao / ide-scsi problem



On Thu, 3 Apr 2003 20:59, Qian Gong wrote:
> > >
> > > Sudo is a solution.
> >
> > Well, that way a user that can run cdrdao can run basically everything,
> > can't he?
>
> No. By sudo you can limit the user to run a specific program, even with
> specific options.

sudo is a setuid program; it needs to be to do its job.

If you use it to run a rogue program that is going to do some damage then the 
damage will be done whether that program is setuid root, whether you sudo it, 
or whether you su and then run it as root.

Using a setuid root program (sudo) to avoid having cdrecord or cdrdao set up 
as setuid root just does not make any sense to me at all.

If you have a trojanned version of cdrdao it will do its damage when you run 
it with root's privileges however you do it. And if you do not run it with 
root's privileges it will not run at all.

The question is really whether you have obtained your copy of cdrdao from a 
trusted source or not.

Or so it seems to me.

Regards to all
Bob


