[23893] in bugtraq


Re: cdrdao insecure filehandling

daemon@ATHENA.MIT.EDU (Luciano Miguel Ferreira Rocha)
Thu Jan 17 12:25:29 2002

Date: Thu, 17 Jan 2002 01:22:28 +0000
From: Luciano Miguel Ferreira Rocha <strange@nsk.yi.org>
To: bugtraq@securityfocus.com
Message-ID: <20020117012228.A7440@nsk.yi.org>
Reply-To: strange@nsk.yi.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020116134913.GG16146@fishbowl.madduck.net>; from madduck@madduck.net on Wed, Jan 16, 2002 at 02:49:13PM +0100

On Wed, Jan 16, 2002 at 02:49:13PM +0100, martin f krafft wrote:
> but then you have to be root to burn CDs. there is a reason why cdrdao
> is setuid - it needs access to root-owned device files like /dev/scd0
> and /dev/sg0 (on Linux that is).

On RedHat's distribution, and I believe many others based on PAM, the owner
of those files (or any other so configured) is changed to the user on the
console when he logs in.

The PAM module responsible for the change of permissions is pam_console.so,
and the file describing the permissions is /etc/security/console.perms.
Just see man pam_console for more details.

Regards,
Luciano Rocha

PS: obviously, I don't know whether Debian uses PAM or not...

-- 
Luciano Rocha, strange@nsk.yi.org

The trouble with computers is that they do what you tell them, not what
you want.
                -- D. Cohen
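
As an added illustration (not part of the original message and not pam_console's own code), this Python example parses a constructed file in the console.perms layout and reports which mode the console user is given on a device such as /dev/scd0 or /dev/sg0. The sample entries, the `<scsi-generic>` class name and the function names are assumptions made for the example.

```python
import fnmatch
import re

# Constructed sample in the console.perms layout: class definitions first,
# then permission lines. Not copied from any distribution's file.
SAMPLE = r"""
# console class: terminal names, matched as regular expressions
<console>=tty[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
# device classes: shell-style globs
<cdrom>=/dev/cdrom* /dev/scd[0-9]*
<scsi-generic>=/dev/sg[0-9]*
# <who> <mode while logged in> <devices> <mode after logout> <owner after logout>
<console> 0600 <cdrom>        0660 root.disk
<console> 0600 <scsi-generic> 0600 root.root
"""

def parse_console_perms(text):
    """Split console.perms-style text into class definitions and rules."""
    classes, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = re.match(r"(<[^>]+>)\s*=\s*(.*)$", line)
        if m:                                  # <class>=word word ...
            classes[m.group(1)] = m.group(2).split()
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError("unrecognised line: %r" % raw)
        keys = ("who", "mode", "dev", "revert_mode", "revert_owner")
        rules.append(dict(zip(keys, fields)))
    return classes, rules

def console_grant(device, classes, rules):
    """Return the mode the console user gets on `device`, or None."""
    for rule in rules:
        if rule["who"] != "<console>":
            continue
        # A rule names either a device class or a literal glob.
        globs = classes.get(rule["dev"], [rule["dev"]])
        if any(fnmatch.fnmatchcase(device, g) for g in globs):
            return rule["mode"]
    return None

if __name__ == "__main__":
    classes, rules = parse_console_perms(SAMPLE)
    for dev in ("/dev/scd0", "/dev/sg0", "/dev/hda"):
        print(dev, console_grant(dev, classes, rules))
```

A device for which this returns None stays with its normal owner, so a non-setuid burning tool run by the console user would not be able to open it.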
