| 1 |
On Friday 27 January 2012 19:18:07 Samuli Suominen wrote: |
| 2 |
> On 01/28/2012 02:14 AM, Mike Frysinger wrote: |
| 3 |
> > along these lines, why is cdrtools set*id ? if we have a "cdrom" group, |
| 4 |
> > and we assign our cdroms/dvdroms to that group, then we already have |
| 5 |
> > access control in place and can skip the set*id. |
| 6 |
> |
| 7 |
> cdrtools can't probe the drives without the binary being setuid, or the |
| 8 |
> user belonging to the 'disk' group (and even that is not enough in some |
| 9 |
> cases if the permissions vary) |
| 10 |
|
| 11 |
the drives are owned by the "cdrom" group and have group +rw. so if the user |
| 12 |
is in the "cdrom" group, why can't they probe the drives ? |
| 13 |
|
| 14 |
"disk" owns the non-removable hard drives. |
| 15 |
|
| 16 |
$ ls -l /dev/sr0 /dev/sg0 /dev/sg6 |
| 17 |
crw-rw---- 1 root disk 21, 0 Jan 6 23:07 /dev/sg0 |
| 18 |
crw-rw---- 1 root cdrom 21, 6 Jan 6 23:07 /dev/sg6 |
| 19 |
brw-rw---- 1 root cdrom 11, 0 Jan 17 22:28 /dev/sr0 |
| 20 |
-mike |
Archives