In UNIX, code is better than a thousand words. The following two lines of simple code should clearly convey to those in the know the power of the setuid bit in UNIX/Linux/xBSD.

/bin/chgrp xcdwrite /usr/bin/cdparanoia
/bin/chmod 4710 /usr/bin/cdparanoia

With cdparanoia/xcdroast, I was able to "rip" a regular audio CD in about 10 minutes (compared to sometimes hours with cdda2wav; however, it must be noted that I have only very limited experience with either program). Thus, conceivably, it should not be too difficult to write a script combining cdparanoia and cdrecord for direct audio copying.



W. Wayne Liauh wrote:

Very good point(s). Again, I don't think we can discuss the setuid issue without realizing that we are talking about (1) a consumer-oriented desktop, for which there is necessarily a recognizedly lesser level of security that needs to be implemented, and (2) a set of CDROM-associated programs that are designed to have their setuid turned on (i.e., w/o the options that may cause buffer overflow concerns or other known security issues). When an executable file has its SUID bit set, the file's owner owns the resulting process, no matter who launched it. Of course we don't want the SUID bit to be set for every executable program, but sometimes, such as su, sudo as you mentioned, or a printing program such as lpr, this is a necessary evil.

OTOH, you are also exactly right on the wrapper script that's setuid to a certain group that has full access to the CDROM and CD Player. In order to run cdparanoia or cdda2wav, you also have to make yourself a member of a group called "xcdwrite".
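
Added example, not part of the original messages: a Python check that decodes a mode such as the 4710 set above and reports which users can start the program with its owner's identity, so the group-restricted setup can be compared with a world-executable one. The function names, the root owner (uid 0) and gid 1001 standing in for xcdwrite are assumptions.

```python
import os
import stat
import sys


def classify_setuid(mode, uid, gid):
    """Describe who can start a file and whose identity the process gets."""
    perms = stat.S_IMODE(mode)
    setuid = bool(perms & stat.S_ISUID)
    report = {
        "octal": format(perms, "04o"),
        "setuid": setuid,
        # With the SUID bit set, the process runs with the file owner's uid.
        "runs_as_uid": uid if setuid else None,
        # A setuid file that group/other can modify should always be flagged.
        "writable_by_non_owner": bool(perms & (stat.S_IWGRP | stat.S_IWOTH)),
    }
    if not setuid:
        report["exposure"] = "none"
    elif perms & stat.S_IXOTH:
        report["exposure"] = "any local user"
    elif perms & stat.S_IXGRP:
        report["exposure"] = "members of gid %d" % gid
    else:
        report["exposure"] = "owner only"
    return report


def audit(path):
    """Classify a file on disk (lstat, so symlinks are not followed)."""
    st = os.lstat(path)
    return classify_setuid(st.st_mode, st.st_uid, st.st_gid)


if __name__ == "__main__":
    # Constructed samples: root-owned binary, hypothetical gid 1001 = xcdwrite.
    for sample in (0o104710, 0o104755, 0o100755):
        print(classify_setuid(sample, 0, 1001))
    for path in sys.argv[1:]:
        print(path, audit(path))
```

Passing real paths on the command line (for example /usr/bin/cdparanoia) prints the same report for files on the local system.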


