[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cdrecord wihout SUID

David E. Fox wrote:


On Tue, 8 Aug 2006 16:55:54 -0600
"Dwayne C. Litzenberger" <dlitz@dlitz.net> wrote:
Also be CAREFUL. On my system, /usr/bin/cdrecord is a SHELL SCRIPT, and SUID-root shell scripts are a big security hole, IIRC. You probably want to set the permissions on /usr/bin/cdrecord.mmap. 

Good points. OTOH, I always thought that suid on shell scripts was
just unsupported (i.e., script is run without extra permissions by the
kernel). Also, this script (and /usr/bin/cdrecord is a script here as
well) it only chooses the proper cdrecord to run, based on the kernel
version (cdrecord.shm for kernels 2.0 & 2.2, and cdrecord.mmap for
others). So the effective permissions are on the cdrecord.mmap
executable.
I just checked, and on my system cdrecord is also a script functioning just as you describe above. The permissions on cdrecord.mmap on my system looks to be the same as the script: 

jose@sweety:~$ which cdrecord.mmap
/usr/bin/cdrecord.mmap
jose@sweety:~$ ll `!!`
ll `which cdrecord.mmap `
-rwsr-xr-- 1 root cdrom 316K 2006-01-07 13:44 /usr/bin/cdrecord.mmap*

Thanks for the pointers.

Sincerely
Jose
Reply to: