Bugtraq mailing list archives
Re: cdrdao insecure filehandling
From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Sun, 20 Jan 2002 01:03:31 +0100 (MET)
On Wed, 16 Jan 2002, martin f krafft wrote:
but then you have to be root to burn CDs. there is a reason why cdrdao is setuid - it needs access to root-owned device files like /dev/scd0 and /dev/sg0 (on Linux that is). i believe the right solution is to create a new group just for that, and chgrp these device files to that group. then cdrdao works non-setuid, and you have user-level control over who should be able to use the burner, and who shouldn't.
AFAIK, Linux /dev/sgX makes it possible to send virtually any SCSI command to the device without any serious sanity checking done by the kernel. After all, G stands for generic. It is not a good idea to give such a power directly into the hands of users. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- cdrdao insecure filehandling Jens Steube (Jan 14)
- Re: cdrdao insecure filehandling Guillaume PELAT (Jan 15)
- Re: cdrdao insecure filehandling Anthony DeRobertis (Jan 15)
- Re: cdrdao insecure filehandling martin f krafft (Jan 16)
- Re: cdrdao insecure filehandling Luciano Miguel Ferreira Rocha (Jan 17)
- Re: cdrdao insecure filehandling Pavel Kankovsky (Jan 21)
- Re: cdrdao insecure filehandling martin f krafft (Jan 16)