Re: cdrdao insecure filehandling

From: Pavel Kankovsky (peakat_private)
Date: Sat Jan 19 2002 - 16:03:31 PST


    On Wed, 16 Jan 2002, martin f krafft wrote:
    
    > but then you have to be root to burn CDs. there is a reason why cdrdao
    > is setuid - it needs access to root-owned device files like /dev/scd0
    > and /dev/sg0 (on Linux that is).
    > 
    > i believe the right solution is to create a new group just for that, and
    > chgrp these device files to that group. then cdrdao works non-setuid,
    > and you have user-level control over who should be able to use the
    > burner, and who shouldn't.
    
    AFAIK, Linux /dev/sgX makes it possible to send virtually any SCSI
    command to the device without any serious sanity checking done by
    the kernel. After all, G stands for generic. It is not a good idea to
    give such a power directly into the hands of users.
    
    --Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
    "Resistance is futile. Open your source code and prepare for assimilation."
    
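Added example, not part of the original message or of cdrdao: a Python audit of the trade-off discussed in this thread. It lists which non-root principals can open each /dev/sg* node and checks whether a cdrdao binary found on PATH is setuid root. Treating any read or write bit as exposure, and gid 0 as root-only, are assumptions of this example.

```python
import glob
import os
import shutil
import stat


def _rw(mode, rbit, wbit):
    return ("r" if mode & rbit else "") + ("w" if mode & wbit else "")


def sg_exposure(mode, uid, gid):
    """Non-root principals that can open a node with this st_mode/st_uid/st_gid."""
    findings = []
    owner = _rw(mode, stat.S_IRUSR, stat.S_IWUSR)
    group = _rw(mode, stat.S_IRGRP, stat.S_IWGRP)
    other = _rw(mode, stat.S_IROTH, stat.S_IWOTH)
    if uid != 0 and owner:
        findings.append(f"uid {uid}: {owner}")
    if gid != 0 and group:  # assumption: group 0 has no non-root members
        findings.append(f"gid {gid}: {group}")
    if other:
        findings.append(f"everyone: {other}")
    return findings


def audit(pattern="/dev/sg*"):
    """Map each character device matching pattern to its exposure list."""
    report = {}
    for path in sorted(glob.glob(pattern)):
        st = os.stat(path)
        if stat.S_ISCHR(st.st_mode):
            report[path] = sg_exposure(st.st_mode, st.st_uid, st.st_gid)
    return report


def is_setuid_root(path):
    """True if the file is owned by root and has the setuid bit set."""
    st = os.stat(path)
    return st.st_uid == 0 and bool(st.st_mode & stat.S_ISUID)


if __name__ == "__main__":
    for path, who in audit().items():
        print(path, "->", ", ".join(who) or "root only")
    binary = shutil.which("cdrdao")
    if binary:
        print(binary, "setuid root:", is_setuid_root(binary))
```

Every principal listed for a node can open the generic SCSI device directly, so membership of a burner group should be reviewed with that in mind.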



    This archive was generated by hypermail 2b30 : Mon Jan 21 2002 - 21:03:37 PST