Volker Kuhlmann <[EMAIL PROTECTED]> wrote:

> > Volker
> >
> > I would have provided cdrecord packages, alas I never had problems with
> > the SuSE-supplied ones, therefore no point spending time on it.
> >
> > The binary (with DVD patch, disclaimer and all) which I
> > found after system installation did not work setuid root.
> > Since that method is advised by the man who must know,
> > I will not advise my users to do it differently.
>
> That is a matter of opinion, of course. I dislike suid programs, and
> have only Jörg's word that it'll be ok. On the other hand I have a
> binary which is modified to not require suid, which seems the better
> concept to me in any case.

How do you believe that you may run cdrecord without root privs without
compromising the security of the whole system?

> If Jörg wants me to believe he's better than the SuSE security team
> (who have a bigger reputation to lose), he will have to supply better

If SuSE has a security team, it is a joke....

Last year, I was contacted by SuSE (after I sent out angry news
postings about broken and non-functional SuSE cdrecord binaries).

The person in question did point me to a possible printf format string
problem in libscg..... but:

He also informed me about SuSE's Resource manager patch and sent me a
pointer to the related source code. After I sent him a reply that
explained why the SuSE resource manager is a security risk itself,
I got no further reply :-(

Jörg

--
 EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin
       [EMAIL PROTECTED] (uni)  If you don't have iso-8859-1
       [EMAIL PROTECTED] (work) chars I am J"org Schilling
 URL:  http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily