1 |
Daniel Pielmeier <billie@g.o> wrote: |
2 |
|
3 |
> > I am concerned about a different scenario: |
4 |
> > |
5 |
> > Imagine, you compile cdrtools without libcap and later install the support for |
6 |
> > the OS. Now you decide to use "setcap" to make cdrecord work. Cdrecord will |
7 |
> > really work this way, but you opened a security hole as this cdrecord now is |
8 |
> > not privileges aware and thus cannot even detect that it is running with more |
9 |
> > than basic privileges. Such a cdrecord installation will happyly write any |
10 |
> > local file for any local user to CD. |
11 |
> > |
12 |
> > Jörg |
13 |
> > |
14 |
> |
15 |
> If you add an option to make conditional linkage against libcap possible |
16 |
> there are only two possible scenarios. cdrtools links against libcap and |
17 |
> the capabilities are set or it doesn't link against libcap and cdrtools |
18 |
> are installed suid root without capabilities. |
19 |
> |
20 |
> Everything is done in the ebuild and the user does not need to mess with |
21 |
> setcap. It is controlled by the package manager and the linkage and |
22 |
> capability setting are tied together at installation time. |
23 |
> |
24 |
> Just adding an option similar to the one for the ACLs would make my live |
25 |
> a lot easier. Just enable it by default and make it possible to switch |
26 |
> it off. |
27 |
|
28 |
I am not shure whether there is a missunderstanding. |
29 |
|
30 |
You could have an installation without libcap and without setcap/getcap where |
31 |
cdrecord still has active file capabilities. Nobody could check why, but |
32 |
cdrecord would be able to write any local file to CD on such a system. |
33 |
|
34 |
The only problem I see is that you are able to remove important software on a |
35 |
Linux installation while the kernel still supports the feature by default. |
36 |
|
37 |
Jörg |
38 |
|
39 |
-- |
40 |
EMail:joerg@××××××××××××××××××××××××.de (home) Jörg Schilling D-13353 Berlin |
41 |
js@××××××××××××.de (uni) |
42 |
joerg.schilling@××××××××××××××××.de (work) Blog: http://schily.blogspot.com/ |
43 |
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily |