| 1 |
On Friday 27 January 2012 20:49:49 Samuli Suominen wrote: |
| 2 |
> and people have multiple times tried to convince the cdrtools author to |
| 3 |
> change this, but without success. |
| 4 |
> the author can be, well, ... |
| 5 |
|
| 6 |
sure, i'm not expecting him to be anything resembling reasonable. but if we |
| 7 |
can reduce set*id impact by default and that means carrying a custom patch, i |
| 8 |
think that's OK. |
| 9 |
|
| 10 |
i thought we used to have set*id USE flags, but maybe all the packages with it |
| 11 |
have migrated away. |
| 12 |
|
| 13 |
my proposal would be to add a patch to ignore EACCES just like it already does |
| 14 |
for ENOENT. then add a setuid USE flag that'd give the behavior we have today |
| 15 |
(disabled by default) for the binaries that do writing. the ones that only |
| 16 |
read have no excuse for needing setuid. then if the user has built with USE=- |
| 17 |
setuid, we elog a message like: |
| 18 |
you've built with USE=-setuid. that means in order to access |
| 19 |
your discs, you need to add yourself to the cdrom group. |
| 20 |
if your burning does not go well, you can try adding the cdrom |
| 21 |
group to limits.conf with rtprio/mlock access like so: |
| 22 |
<snippets for people to copy & paste> |
| 23 |
-mike |
Archives