[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cdrecord wihout SUID

On Tue, 8 Aug 2006 16:55:54 -0600
"Dwayne C. Litzenberger" <dlitz@dlitz.net> wrote:

>
> Also be CAREFUL.  On my system, /usr/bin/cdrecord is a SHELL SCRIPT, and 
> SUID-root shell scripts are a big security hole, IIRC.  You probably want 
> to set the permissions on /usr/bin/cdrecord.mmap.

Good points. OTOH, I always thought that suid on shell scripts was
just unsupported (i.e., script is run without extra permissions by the
kernel). Also, this script (and /usr/bin/cdrecord is a script here as
well) it only chooses the proper cdrecord to run, based on the kernel
version (cdrecord.shm for kernels 2.0 & 2.2, and cdrecord.mmap for
others). So the effective permissions are on the cdrecord.mmap
executable.

 
> Dwayne C. Litzenberger <dlitz@dlitz.net>


-- 
------------------------------------------------------------------------
David E. Fox                              Thanks for letting me
dfox@tsoft.com                            change magnetic patterns
dfox@m206-157.dsl.tsoft.com               on your hard disk.
-----------------------------------------------------------------------
Reply to: