Bugtraq mailing list archives

Re: cdrdao insecure filehandling


From: martin f krafft <madduck () madduck net>
Date: Wed, 16 Jan 2002 14:49:13 +0100

also sprach Anthony DeRobertis <asd () suespammers org> [2002.01.15.1312 +0100]:
> dpkg-statoverride --update --add root root 0755 /usr/bin/cdrdao
>
> This tells dpkg that cdrdao is not to be suid root anymore, at least until
> you change or delete that override.

But then you have to be root to burn CDs. There is a reason why cdrdao
is setuid - it needs access to root-owned device files like /dev/scd0
and /dev/sg0 (on Linux, that is).

I believe the right solution is to create a new group just for that, and
chgrp these device files to that group. Then cdrdao works non-setuid,
and you have user-level control over who should be able to use the
burner, and who shouldn't.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
"when I was a boy I was told
 that anybody could become president.
 now i'm beginning to believe it."
                                                    -- clarence darrow
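The group-instead-of-setuid layout proposed above, as an added example that is not part of the original post: the setup steps (to be run as root) plus a small audit that reports device nodes not owned by the burner group with mode 0660, or a cdrdao binary that still carries a setuid/setgid bit. The group name "cdburn" is assumed; the device and binary paths are the ones named in the thread, and GNU/busybox stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: group "cdburn",
# devices /dev/scd0 and /dev/sg0, binary /usr/bin/cdrdao. Needs stat -c (Linux).

# dev_ok GROUP PATH: succeed if PATH is group-owned by GROUP with mode exactly
# 0660 (owner and group read/write, nothing for others).
dev_ok() {
    grp=$1; path=$2
    [ -e "$path" ] || return 1
    set -- $(stat -c '%G %a' "$path") || return 1
    [ "$1" = "$grp" ] && [ "$2" = "660" ]
}

# bin_ok PATH: succeed if PATH has neither the setuid (4) nor setgid (2) bit.
# stat prints a 4-digit mode only when a special bit is set.
bin_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        ????) special=${mode%???}; [ $((special & 6)) -eq 0 ] ;;
        *)    return 0 ;;
    esac
}

# audit_burner GROUP BINARY DEV...: print one line per problem found and
# return the number of problems (0 means the layout matches the post).
audit_burner() {
    grp=$1; bin=$2; shift 2
    bad=0
    bin_ok "$bin" || { echo "$bin: still setuid/setgid"; bad=$((bad + 1)); }
    for d in "$@"; do
        dev_ok "$grp" "$d" || { echo "$d: not $grp-owned 0660"; bad=$((bad + 1)); }
    done
    return $bad
}

# setup_burner GROUP USER: the steps the post describes, run as root.
# Creates the group, hands it the device files, adds USER to it, and uses
# the dpkg-statoverride line quoted in the thread to drop the setuid bit.
setup_burner() {
    grp=$1; user=$2
    groupadd "$grp"
    chgrp "$grp" /dev/scd0 /dev/sg0 && chmod 0660 /dev/scd0 /dev/sg0
    usermod -a -G "$grp" "$user"
    dpkg-statoverride --update --add root root 0755 /usr/bin/cdrdao
}
```

After setup, `audit_burner cdburn /usr/bin/cdrdao /dev/scd0 /dev/sg0` returns 0; a package upgrade that reintroduces the setuid bit or a udev rule that resets the device group shows up as a non-zero count.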
