Bugtraq mailing list archives
Re: cdrdao insecure filehandling
From: martin f krafft <madduck () madduck net>
Date: Wed, 16 Jan 2002 14:49:13 +0100
also sprach Anthony DeRobertis <asd () suespammers org> [2002.01.15.1312 +0100]:
> dpkg-statoverride --update --add root root 0755 /usr/bin/cdrdao
>
> This tells dpkg that cdrdao is not to be suid root anymore, at least until you change or delete that override.
but then you have to be root to burn CDs. there is a reason why cdrdao is setuid - it needs access to root-owned device files like /dev/scd0 and /dev/sg0 (on Linux that is).

i believe the right solution is to create a new group just for that, and chgrp these device files to that group. then cdrdao works non-setuid, and you have user-level control over who should be able to use the burner, and who shouldn't.

--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

"when I was a boy I was told that anybody could become president. now i'm beginning to believe it."
-- clarence darrow
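The group-based setup suggested in this message, as an added example that is not part of the original post or of cdrdao or Debian: a shell audit that checks the burner binary carries no setuid/setgid bit and that each device node is restricted to one group. The group name `cdburn`, the user `alice` and the function names are assumptions, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Setup an administrator would run as root (for reference, not executed here;
# "cdburn" and "alice" are placeholder names):
#   groupadd cdburn
#   chgrp cdburn /dev/scd0 /dev/sg0 && chmod 0660 /dev/scd0 /dev/sg0
#   dpkg-statoverride --update --add root root 0755 /usr/bin/cdrdao
#   gpasswd -a alice cdburn

# has_setid FILE: succeed if FILE carries a setuid or setgid bit.
has_setid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# device_ok FILE GROUP: succeed only if FILE is group-owned by GROUP,
# readable and writable by that group, and closed to "other".
device_ok() {
    grp=$(stat -c %G "$1") || return 2
    mode=$(stat -c %a "$1") || return 2
    [ "$grp" = "$2" ] || return 1
    # %a prints octal digits, so decimal digit arithmetic isolates each class.
    other=$((mode % 10))
    group=$(( (mode / 10) % 10 ))
    [ "$other" -eq 0 ] && [ $((group & 6)) -eq 6 ]
}

# audit_burner BINARY GROUP DEVICE...: report every deviation, return 1 if any.
audit_burner() {
    bin=$1; grpname=$2; shift 2
    rc=0
    if has_setid "$bin"; then
        echo "FAIL: $bin still has a setuid/setgid bit"; rc=1
    else
        echo "ok:   $bin is not setuid/setgid"
    fi
    for dev in "$@"; do
        if device_ok "$dev" "$grpname"; then
            echo "ok:   $dev restricted to group $grpname"
        else
            echo "FAIL: $dev is not limited to group $grpname (rw, no other)"; rc=1
        fi
    done
    return $rc
}

# Run only when arguments are given, e.g.:
#   sh audit.sh /usr/bin/cdrdao cdburn /dev/scd0 /dev/sg0
if [ "$#" -ge 3 ]; then
    audit_burner "$@"
fi
```

A world-writable device node fails the check as well as a wrong group, since mode 0666 would let any local user reach the burner regardless of group membership.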
Current thread:
- cdrdao insecure filehandling Jens Steube (Jan 14)
- Re: cdrdao insecure filehandling Guillaume PELAT (Jan 15)
- Re: cdrdao insecure filehandling Anthony DeRobertis (Jan 15)
- Re: cdrdao insecure filehandling martin f krafft (Jan 16)
- Re: cdrdao insecure filehandling Luciano Miguel Ferreira Rocha (Jan 17)
- Re: cdrdao insecure filehandling Pavel Kankovsky (Jan 21)
- Re: cdrdao insecure filehandling martin f krafft (Jan 16)