List: kde-core-devel
Subject: Re: security vs. usability
From: Jason Stephenson <panda () mis ! net>
Date: 2001-02-07 3:50:22
On Tuesday 06 February 2001 03:44, Alex Zepeda wrote:
> On Mon, Feb 05, 2001 at 09:33:08PM -0500, Jason Stephenson wrote:
> > Before you ban all suid applications in the KDE libs, know that there is
> > one application that absolutely must run set uid root or in a root shell.
> > The app in question is nostraburnit. Nostraburnit calls cdrecord which
> > *must* run as root in order to do what it does with the SCSI bus. If I'm
> > not mistaken, it even has to be run with the user being root, and not
> > just as a suid.
>
> So, you couldn't change the permissions on the target device node?
>
> - alex
Alex,
Do you burn CDs with cdrecord? It's not enough to change permissions on the
device. cdrecord MUST run AS ROOT in order to do what it does to the SCSI
bus, not just according to me, but according to its documentation. If you run
it as another user, regardless of permission on the device, it tells you that
you have to run as root for it to work properly. Behold:
jason@casanova:~$ ls -l /dev/scd0
brwxrwxrwx 1 root disk 11, 0 Jul 18 1994 /dev/scd0
jason@casanova:~$ cdrecord -scanbus
Cdrecord 1.8.1 (i686-pc-linux-gnu) Copyright (C) 1995-2000 Jörg Schilling
cdrecord: Permission denied. Cannot open '/dev/sg0'. Cannot open SCSI driver.
cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you are
root.
jason@casanova:~$ su
Password:
root@casanova:/home/jason$ cdrecord -scanbus
Cdrecord 1.8.1 (i686-pc-linux-gnu) Copyright (C) 1995-2000 Jörg Schilling
Using libscg version 'schily-0.1'
scsibus0:
0,0,0 0) 'PLEXTOR ' 'CD-R PX-W1210A' '1.07' Removable CD-ROM
0,1,0 1) *
0,2,0 2) *
0,3,0 3) *
0,4,0 4) *
0,5,0 5) *
0,6,0 6) *
0,7,0 7) *
root@casanova:/home/jason$
Change permissions on /dev/sg0 and you're told you can't open /dev/sg1 and so
on.
Even if changing permissions on all the devices would work, then I'd have to
include instructions with nostraburnit to tell the user how to do that on
every OS that nostraburnit gets compiled on. It's far easier just to tell them
to run it as root.
Besides, having the permissions changed on all the devices is no better than
running nostraburnit as root, then, is it? In fact it's worse, 'cause now any
user can walk all over your devices and your SCSI bus. With nostraburnit
running as root, you only have a vulnerability in that one application, not
on your whole system!
I am personally adding the CD burning code to nostraburnit, so I can
personally vouch for its "security." :-)
I understand all the paranoia about running things as root. I do this stuff
for a living. I just think some of you are going a little far by not allowing
suid apps. I mean if you really want to be paranoid about security, then you
don't install binary software. You compile everything from source after
scanning every line of code for any dubious operations.
I know this particular reply is more specific than some of the general
discussion in this thread. I still stand by my statement that there are times
when suid applications are the best way to go. In most cases, I'd rather run
one or two apps as root than have all the devices on my system open to
tampering by regular users.
Cheers,
Jason
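
An added example, not part of the original message: a small Python audit that reports the two exposures the thread compares, device nodes writable by every user and programs that run setuid root. The sample modes are constructed, and the "burner binary" entry is a hypothetical stand-in, not a real file.

```python
import os
import stat

def classify(mode, uid):
    """Return the exposure class for one file, from its st_mode and st_uid."""
    is_dev = stat.S_ISBLK(mode) or stat.S_ISCHR(mode)
    if is_dev and mode & stat.S_IWOTH:
        return "world-writable-device"   # any local user can write to the hardware
    if stat.S_ISREG(mode) and mode & stat.S_ISUID and uid == 0 and mode & 0o111:
        return "setuid-root"             # this one program runs with root privileges
    return None

def audit(paths):
    """lstat each path and return {path: class} for the ones that are exposed."""
    findings = {}
    for path in paths:
        try:
            st = os.lstat(path)          # lstat: never follow symlinks
        except OSError:
            continue                     # missing or unreadable: nothing to report
        kind = classify(st.st_mode, st.st_uid)
        if kind:
            findings[path] = kind
    return findings

def walk(root):
    """Yield every path under root without following symlinked directories."""
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            yield os.path.join(dirpath, name)

# Constructed samples (not taken from a real system), as (mode, uid):
SAMPLES = {
    "/dev/scd0 with the mode shown in the message": (stat.S_IFBLK | 0o777, 0),
    "device node limited to root and its group": (stat.S_IFBLK | 0o660, 0),
    "hypothetical setuid-root burner binary": (stat.S_IFREG | 0o4755, 0),
    "ordinary root-owned binary": (stat.S_IFREG | 0o755, 0),
}

if __name__ == "__main__":
    for label, (mode, uid) in SAMPLES.items():
        print(f"{stat.filemode(mode)}  {classify(mode, uid) or 'ok':22}  {label}")
    for path, kind in sorted(audit(walk("/dev")).items()):
        print(f"{kind}: {path}")
```

The live scan of /dev will also list pseudo-devices such as /dev/null, which are world-writable by design; point `walk()` at directories like /usr/bin to list setuid-root programs.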