On Friday 27 January 2012 20:49:49 Samuli Suominen wrote:
> and people have multiple times tried to convince the cdrtools author to
> change this, but without success.
> the author can be, well, ...

sure, i'm not expecting him to be anything resembling reasonable. but if we
can reduce set*id impact by default and that means carrying a custom patch, i
think that's OK.

i thought we used to have set*id USE flags, but maybe all the packages with it
have migrated away.

my proposal would be to add a patch to ignore EACCES just like it already does
for ENOENT. then add a setuid USE flag that'd give the behavior we have today
(disabled by default) for the binaries that do writing. the ones that only
read have no excuse for needing setuid. then if the user has built with
USE=-setuid, we elog a message like:
    you've built with USE=-setuid. that means in order to access
    your discs, you need to add yourself to the cdrom group.
    if your burning does not go well, you can try adding the cdrom
    group to limits.conf with rtprio/mlock access like so:
    <snippets for people to copy & paste>
-mike