[WBEL-users] graphical cd recocrder
Bill Davidsen
davidsen@tmr.com
Tue, 22 Jun 2004 15:12:14 -0400
Michael Squires wrote:
> According to the docs provided with xcdroast on my FreeBSD 4.10-STABLE
> box xcdroast causes the file "xcdwrap" to be executed SUID. The
> xcdroast manual indicates that it has to be run first as root, after
> which ordinary users can run it, which is consistent with the wrapper
> being SUID.
>
> This may be too much of a hole for some people (like me).
The job of a wrapper is to be not only setuid but also small enough so
that you can manually verify what they do. In this case there's a
problem in that I think the final cdrecord process needs to be running
as root. There may be a solution in "capabilities" to allow the process
to set itself realtime priority, I haven't looked at that in 2.4 kernels
at all.
--
-bill davidsen (davidsen@tmr.com)
"The secret to procrastination is to put things off until the
last possible moment - but no longer" -me