1 |
Joerg Schilling schrieb am 29.04.2013 18:36: |
2 |
> Daniel Pielmeier <billie@g.o> wrote: |
3 |
> |
4 |
>> 2013/4/29 Joerg Schilling <Joerg.Schilling@××××××××××××××××.de> |
5 |
> |
6 |
>>> Do you like people to be able to open security holes? |
7 |
>> |
8 |
>> Adding an option to enable/disable linkage to libcap does not hurt anybody |
9 |
>> it just eases maintaining the package. You can enable it by default if you |
10 |
>> wish. |
11 |
>> |
12 |
>> As long as it is possible to remove libcap from the system the security |
13 |
>> hole you are talking about is still there. The option does not change |
14 |
>> anything. Currently one could still compile cdrtools without libcap and |
15 |
>> afterwards install libcap and use setcap on cdrecord et al. which leads to |
16 |
>> the same problem. |
17 |
> |
18 |
> OK, I could create such an option. |
19 |
> |
20 |
> I just don't like people to be able to do this without knowing that there is a |
21 |
> potential security problem if the cdrecord binary has been assigned file caps |
22 |
> but cdrecord doesn't understand that it is running with enhanced privileges. |
23 |
> |
24 |
> So I hope that from this discussion people here will remember the problem in |
25 |
> case that somebody later runs into it. |
26 |
> |
27 |
> Jörg |
28 |
> |
29 |
|
30 |
Thank you very much. I'd appreciate that. I think on Gentoo I can take |
31 |
the measures that such things do not happen. |
32 |
|
33 |
From the distro perspective everything should be okay. Cdrtools is |
34 |
either installed suid root without capabilities and not linked against |
35 |
libcap or it is installed with capabilities and linked against libcap. |
36 |
|
37 |
If users are messing with setcap they should know what they are doing or |
38 |
they are on their own. |
39 |
|
40 |
Thank you for your support. |
41 |
|
42 |
-- |
43 |
Regards |
44 |
Daniel Pielmeier |