Bugtraq mailing list archives
Re: cdrdao insecure filehandling
From: Luciano Miguel Ferreira Rocha <strange () nsk yi org>
Date: Thu, 17 Jan 2002 01:22:28 +0000
On Wed, Jan 16, 2002 at 02:49:13PM +0100, martin f krafft wrote:
but then you have to be root to burn CDs. there is a reason why cdrdao is setuid - it needs access to root-owned device files like /dev/scd0 and /dev/sg0 (on Linux that is).
On RedHat's distribution, and I believe many others based on PAM, the owner
of those files (or any other so configured) is changed to the user on the
console when he loggs in.
The PAM module responsable for the change of permissions is pam_console.so,
and the file describing the permissions is /etc/security/console.perms.
Just see man pam_console for more details.
Regards,
Luciano Rocha
PS: obviously, I don't know whether Debian uses PAM or not...
--
Luciano Rocha, strange () nsk yi org
The trouble with computers is that they do what you tell them, not what
you want.
-- D. Cohen
Current thread:
- cdrdao insecure filehandling Jens Steube (Jan 14)
- Re: cdrdao insecure filehandling Guillaume PELAT (Jan 15)
- Re: cdrdao insecure filehandling Anthony DeRobertis (Jan 15)
- Re: cdrdao insecure filehandling martin f krafft (Jan 16)
- Re: cdrdao insecure filehandling Luciano Miguel Ferreira Rocha (Jan 17)
- Re: cdrdao insecure filehandling Pavel Kankovsky (Jan 21)
- Re: cdrdao insecure filehandling martin f krafft (Jan 16)