| 1 |
Daniel Pielmeier <billie@g.o> wrote: |
| 2 |
|
| 3 |
> 2013/4/29 Joerg Schilling <Joerg.Schilling@××××××××××××××××.de> |
| 4 |
|
| 5 |
> > Do you like people to be able to open security holes? |
| 6 |
> |
| 7 |
> Adding an option to enable/disable linkage to libcap does not hurt anybody |
| 8 |
> it just eases maintaining the package. You can enable it by default if you |
| 9 |
> wish. |
| 10 |
> |
| 11 |
> As long as it is possible to remove libcap from the system the security |
| 12 |
> hole you are talking about is still there. The option does not change |
| 13 |
> anything. Currently one could still compile cdrtools without libcap and |
| 14 |
> afterwards install libcap and use setcap on cdrecord et al. which leads to |
| 15 |
> the same problem. |
| 16 |
|
| 17 |
OK, I could create such an option. |
| 18 |
|
| 19 |
I just don't like people to be able to do this without knowing that there is a |
| 20 |
potential security problem if the cdrecord binary has been assigned file caps |
| 21 |
but cdrecord doesn't understand that it is running with enhanced privileges. |
| 22 |
|
| 23 |
So I hope that from this discussion people here will remember the problem in |
| 24 |
case that somebody later runs into it. |
| 25 |
|
| 26 |
Jörg |
| 27 |
|
| 28 |
-- |
| 29 |
EMail:joerg@××××××××××××××××××××××××.de (home) Jörg Schilling D-13353 Berlin |
| 30 |
js@××××××××××××.de (uni) |
| 31 |
joerg.schilling@××××××××××××××××.de (work) Blog: http://schily.blogspot.com/ |
| 32 |
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily |
Archives