Daniel Pielmeier <billie@g.o> wrote:

> 2013/4/29 Joerg Schilling <Joerg.Schilling@××××××××××××××××.de>

> > Do you like people to be able to open security holes?
>
> Adding an option to enable/disable linkage to libcap does not hurt anybody
> it just eases maintaining the package. You can enable it by default if you
> wish.
>
> As long as it is possible to remove libcap from the system the security
> hole you are talking about is still there. The option does not change
> anything. Currently one could still compile cdrtools without libcap and
> afterwards install libcap and use setcap on cdrecord et al. which leads to
> the same problem.

OK, I could create such an option.

I just don't like people to be able to do this without knowing that there is a
potential security problem if the cdrecord binary has been assigned file caps
but cdrecord doesn't understand that it is running with enhanced privileges.

So I hope that from this discussion people here will remember the problem in
case that somebody later runs into it.

Jörg

--
EMail:joerg@××××××××××××××××××××××××.de (home) Jörg Schilling D-13353 Berlin
js@××××××××××××.de (uni)
joerg.schilling@××××××××××××××××.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily