On 29/04/13 16:09, Joerg Schilling wrote:
> Nikos Chantziaras <realnc@×××××.com> wrote:
>
>>> But please first explain what "option" you are talking about.
>>
>> An option to forcibly enable and disable support. If enabled, the build
>> system assumes the library is there. If disabled, it assumes the
>> library is not there (even if it is). If not given at all, do
>> autodetection.
>
> This may be an option for things that really are optional.
>
> Libcap however is not something optional but needed to support a basic security
> feature.
|
I thought it is optional, since it was mentioned that cdrtools can be
built and run without it?

Unless you mean "recommended" instead of "required." "Recommended"
means it's still optional.
|
>> One thing I've learned in software development is that "the user knows
>> best." If the user has the library installed, he should still be able
>> to tell you "yes, I have that lib, but I don't want you to use it", and
>> vice versa.
>
> As mentioned above, we are talking about a library to support basic security
> features, so the code from that library would really belong into libc. Since
> Linux now by default supports fcaps in the filesystems, cdrecord would open
> a security hole if the library was not used - without that library, cdrecord
> cannot even see that it has been called with additional privileges that need
> to be removed before the main code is executed.
>
> Do you really like to go into a security risk with your eyes open?
|
You don't know what my intentions are. I might be doing testing,
debugging, who knows what. It's the "trying to be smarter than the
user" thing. The defaults of course would be to build the software in a
sane, secure way. Only users who know what they're doing would disable
that, and they'd have their reasons.
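
The quoted point about file capabilities (a binary started with extra privileges that must be removed before the main code runs) can be audited from outside the process. The following is an added example, not part of the thread or of cdrtools: it decodes the Cap* masks of a constructed /proc/<pid>/status sample; the process name, mask values and function names are assumptions.

```python
# Added example: decode the capability masks Linux reports in /proc/<pid>/status.
# Bit numbers follow <linux/capability.h>; only a subset of names is listed here.
CAP_NAMES = {
    1: "CAP_DAC_OVERRIDE", 10: "CAP_NET_BIND_SERVICE", 14: "CAP_IPC_LOCK",
    17: "CAP_SYS_RAWIO", 21: "CAP_SYS_ADMIN", 23: "CAP_SYS_NICE",
    24: "CAP_SYS_RESOURCE",
}
SETS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

def parse_cap_sets(status_text):
    """Return {set_name: int mask} for the Cap* lines of a status file."""
    masks = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in SETS:
            masks[key] = int(value.strip(), 16)
    return masks

def decode(mask):
    """List capability names in bit order; unlisted bits become cap_<n>."""
    return [CAP_NAMES.get(bit, f"cap_{bit}") for bit in range(64) if mask >> bit & 1]

def residual_privileges(status_text):
    """Capabilities the process can still use: permitted or effective."""
    masks = parse_cap_sets(status_text)
    if "CapPrm" not in masks or "CapEff" not in masks:
        raise ValueError("status text lacks CapPrm/CapEff lines")
    return decode(masks["CapPrm"] | masks["CapEff"])

# Constructed samples (not captured from a real system): an unprivileged
# user (uid 1000) running a hypothetical binary that carries file capabilities.
STARTED_WITH_FCAPS = """Name:\tburner
Uid:\t1000\t1000\t1000\t1000
CapInh:\t0000000000000000
CapPrm:\t0000000000024000
CapEff:\t0000000000024000
CapBnd:\t000001ffffffffff
"""
# The same process after it has cleared its permitted and effective sets.
AFTER_DROP = STARTED_WITH_FCAPS.replace("0000000000024000", "0000000000000000")

if __name__ == "__main__":
    for label, text in (("at start", STARTED_WITH_FCAPS), ("after drop", AFTER_DROP)):
        print(label, residual_privileges(text) or "none")
```

A non-root Uid combined with a non-empty CapPrm is the signature of a binary launched with file capabilities; an empty result after startup shows the drop took place.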