On Thu, Apr 03, 2003 at 05:17:45AM +1000, bob parker wrote: > On Thu, 3 Apr 2003 04:22, David Fokkema wrote: > > Well, you are right, so I tried, :-). It works, so there is reason to be > > glad. However, I'm still wondering how paranoid I must be to still want > > cdrdao to run without setuid. Furthermore, without setuid and with group > > permissions or something like that I should be able to control which users > > may use the writer and which may not. So I will use this until I find > > something better... > > David, > > Here is the way Debian installs cdrecord > > -rws--x--- 1 root cdrom 177k Apr 9 2002 /usr/bin/cdrecord
The package I see in unstable installs as -rwsr-xr-- if you're running setuid, which is much more sensible (there's a comment in the Debian policy manual noting that there's no point making binaries unreadable since people can always just fetch them from the freely available packages). Cheers, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]