| 1 |
Joerg Schilling schrieb am 29.04.2013 18:36: |
| 2 |
> Daniel Pielmeier <billie@g.o> wrote: |
| 3 |
> |
| 4 |
>> 2013/4/29 Joerg Schilling <Joerg.Schilling@××××××××××××××××.de> |
| 5 |
> |
| 6 |
>>> Do you like people to be able to open security holes? |
| 7 |
>> |
| 8 |
>> Adding an option to enable/disable linkage to libcap does not hurt anybody |
| 9 |
>> it just eases maintaining the package. You can enable it by default if you |
| 10 |
>> wish. |
| 11 |
>> |
| 12 |
>> As long as it is possible to remove libcap from the system the security |
| 13 |
>> hole you are talking about is still there. The option does not change |
| 14 |
>> anything. Currently one could still compile cdrtools without libcap and |
| 15 |
>> afterwards install libcap and use setcap on cdrecord et al. which leads to |
| 16 |
>> the same problem. |
| 17 |
> |
| 18 |
> OK, I could create such an option. |
| 19 |
> |
| 20 |
> I just don't like people to be able to do this without knowing that there is a |
| 21 |
> potential security problem if the cdrecord binary has been assigned file caps |
| 22 |
> but cdrecord doesn't understand that it is running with enhanced privileges. |
| 23 |
> |
| 24 |
> So I hope that from this discussion people here will remember the problem in |
| 25 |
> case that somebody later runs into it. |
| 26 |
> |
| 27 |
> Jörg |
| 28 |
> |
| 29 |
|
| 30 |
Thank you very much. I'd appreciate that. I think on Gentoo I can take |
| 31 |
the measures that such things do not happen. |
| 32 |
|
| 33 |
From the distro perspective everything should be okay. Cdrtools is |
| 34 |
either installed suid root without capabilities and not linked against |
| 35 |
libcap or it is installed with capabilities and linked against libcap. |
| 36 |
|
| 37 |
If users are messing with setcap they should know what they are doing or |
| 38 |
they are on their own. |
| 39 |
|
| 40 |
Thank you for your support. |
| 41 |
|
| 42 |
-- |
| 43 |
Regards |
| 44 |
Daniel Pielmeier |
Archives