Charles Howse <[EMAIL PROTECTED]> writes: > On Thursday 27 November 2003 11:16 am, Lowell Gilbert wrote: > > Charles Howse <[EMAIL PROTECTED]> writes: > > > There has been signifigant discussion here in the past about cdbakeoven > > > not detecting ATAPI burners when run as an ordinary user. > > > > > > I had this issue, and may have a solution. > > > > > > Be sure your kernel is compiled with device atapicam. > > > > > > As root do: > > > # chmod u+s /usr/local/bin/cdrecord > > > Which will allow cdrecord to run as suid root. > > > > In other words, it's still not being run as an ordinary user... > > cdbakeoven *is* being run as an ordinary user, which was the original issue, > but to detect an atapi burner, it has to do 'cdrecord -scanbus', which will > fail if not run as root. Make sense?
I understood perfectly, but I don't think you've thought through all the implications. The process executing cdrecord is *not* being run as a normal user. The process is actually running as uid zero, which is to say that it's running as *root*. This is considerably less secure than running as the user's own uid. Thus, for systems where you're worried about the security with regard to local users, you are *vastly* worse off by making the executable suid-root. There's a reason that the standard security scripts report to you *every* *night* on any new suid executables on the system. _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"