cdrecord permission problems

Bill Davidsen davidsen at tmr.com
Mon Jul 7 17:01:54 UTC 2008


Alan Cox wrote:
>> Note that cdrecord doesn't come with Fedora, there is a link by that 
>> name which leads to wodim. The usual drill is to change group on 
>>     
>
> wodim is the free software fork from cdrecord with other stuff added.
>
>   
>> "cdrecord" to a new group, make the owner root, change perms to 4754, 
>> and it should work. I highly advise downloading the real cdrecord rather 
>> than using the "looks like" version.
>>     
>
> I would advise the reverse. For one wodim doesn't need to be setuid root
> which is quite a dangerous thing to enable on a large binary (although
> cdrecord has a good security history)
>   

The reason setuid is needed is to allow use of vendor commands, and the 
command filter in the kernel doesn't allow some as non-root. Certain 
people in the kernel community refuse to add these commands, the author 
of cdrecord lacks any ability to work with others and ask nicely. Net 
result of this pissing contest is that "real" cdrecord will burn some 
combinations of media and hardware which wodim won't.

The right answer would be to have the kernel provide a way such as group 
id, so I could identify devices and programs I trust with each other. 
Hang the capability on a flag I could set, and the whole problem would 
go away. Needless to say that wouldn't satisfy any of the people involved.

In any case, I wouldn't suggest it if I didn't believe it, Joerg 
Schilling and I have gone around on a number of mailing lists, but he 
does keep his software very up-to-date, and has done for decades.

-- 
Bill Davidsen <davidsen at tmr.com>
  "Woe unto the statesman who makes war without a reason that will still
  be valid when the war is over..." Otto von Bismarck
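
The install layout discussed in this thread (owner root, a dedicated group, mode 4754) can be checked mechanically. The following is an added example, not part of the original message or of cdrecord/wodim; the function names and the sample modes are constructed for illustration.

```python
import os
import stat
import sys


def setuid_findings(mode, uid):
    """Return problems with a setuid file, given its st_mode and st_uid.

    Assumed baseline is the layout from the thread: owner root,
    a dedicated group, mode 4754 (rwsr-xr--).
    """
    perms = stat.S_IMODE(mode)
    if not perms & stat.S_ISUID:
        return []  # not setuid: runs with the caller's own privileges
    findings = []
    if uid != 0:
        findings.append("setuid to non-root uid %d" % uid)
    if perms & stat.S_IXOTH:
        findings.append("world-executable: every local user runs it setuid")
    if perms & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others: non-owners can modify it")
    if not perms & stat.S_IXGRP:
        findings.append("group cannot execute: the dedicated group has no effect")
    return findings


def audit(path):
    """Stat a real file and return (symbolic mode, findings)."""
    st = os.stat(path)
    return stat.filemode(st.st_mode), setuid_findings(st.st_mode, st.st_uid)


# Constructed samples: (st_mode, st_uid). 0o100000 marks a regular file.
SAMPLES = {
    "thread layout 4754": (0o104754, 0),
    "common default 4755": (0o104755, 0),
    "group-writable 4774": (0o104774, 0),
    "no setuid 0755": (0o100755, 0),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            text, problems = audit(path)
            print(path, text, problems or "ok")
    else:
        for label, (mode, uid) in SAMPLES.items():
            print(label, stat.filemode(mode), setuid_findings(mode, uid) or "ok")
```

Run with one or more paths as arguments to audit installed binaries; with no arguments it prints the verdicts for the constructed samples.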




