[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: security vs. usability
From: Marcus Meissner <Marcus.Meissner () caldera ! de>
Date: 2001-02-06 10:17:07
[Download RAW message or body]
In article <01020521330802.00671@casanova> you wrote:
> All I'm going to add to this conversation is the following:
> Before you ban all suid applications in the KDE libs, know that there is one
> application that absolutely must run set uid root or in a root shell. The app
> in question is nostraburnit. Nostraburnit calls cdrecord which *must* run as
> root in order to do what it does with the SCSI bus. If I'm not mistaken, it
> even has to be run with the user being root, and not just as a suid.
It must not be run as root or setuid root.
You can create a small helper root daemon, which listens on a UNIX domain
socket and passes a filedescriptor pointing to /dev/sgX on request.
No need for setuid and you also get access checks to those devices
and can restrict access to CD Burners (or Scanners).
[It is on our plan to write such a helper but due to time constraints we
haven't yet.]
Ciao, Marcus
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic