[23927] in bugtraq
Re: cdrdao insecure filehandling
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Tue Jan 22 00:16:20 2002
From: "Pavel Kankovsky" <peak@argo.troja.mff.cuni.cz>
Date: Sun, 20 Jan 2002 01:03:31 +0100 (MET)
To: martin f krafft <madduck@madduck.net>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20020116134913.GG16146@fishbowl.madduck.net>
Message-ID: <20020120004712.AC6.0@bobanek.nowhere.cz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 16 Jan 2002, martin f krafft wrote:
> but then you have to be root to burn CDs. there is a reason why cdrdao
> is setuid - it needs access to root-owned device files like /dev/scd0
> and /dev/sg0 (on Linux that is).
>
> i believe the right solution is to create a new group just for that, and
> chgrp these device files to that group. then cdrdao works non-setuid,
> and you have user-level control over who should be able to use the
> burner, and who shouldn't.

AFAIK, Linux /dev/sgX makes it possible to send virtually any SCSI
command to the device without any serious sanity checking done by
the kernel. After all, G stands for generic. It is not a good idea to
give such power directly into the hands of users.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
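
An added example, not part of the original message: a small Python audit that reports which /dev/sgX nodes can be opened by anyone other than root, which is the exposure the reply above is concerned with when those nodes are handed to a group. The sample entries, the gid 24 standing in for a "burner" group, and the function names are constructed for illustration.

```python
import glob
import os
import stat

def classify(path, mode, uid, gid):
    """Return findings for one node; only /dev/sgN (generic SCSI) is examined."""
    name = os.path.basename(path)
    if not (name.startswith("sg") and name[2:].isdigit()):
        return []
    findings = []
    # Any read or write bit lets that principal open the node.
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("world-accessible")
    if gid != 0 and mode & (stat.S_IRGRP | stat.S_IWGRP):
        findings.append(f"group {gid} can open")
    if uid != 0 and mode & (stat.S_IRUSR | stat.S_IWUSR):
        findings.append(f"owner uid {uid} can open")
    return findings

def audit(entries):
    """Map path -> findings for every entry that has at least one finding."""
    report = {}
    for path, mode, uid, gid in entries:
        findings = classify(path, mode, uid, gid)
        if findings:
            report[path] = findings
    return report

def scan_dev(pattern="/dev/sg*"):
    """Collect (path, permission bits, uid, gid) for character devices on this host."""
    entries = []
    for path in sorted(glob.glob(pattern)):
        st = os.stat(path)
        if stat.S_ISCHR(st.st_mode):
            entries.append((path, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
    return entries

# Constructed sample: root-only, group-delegated, world-open, and a non-sg node.
SAMPLE = [
    ("/dev/sg0", 0o600, 0, 0),
    ("/dev/sg1", 0o660, 0, 24),
    ("/dev/sg2", 0o666, 0, 0),
    ("/dev/scd0", 0o660, 0, 24),
]

if __name__ == "__main__":
    # Use the live /dev listing when it has sg nodes, otherwise the sample.
    for path, findings in audit(scan_dev() or SAMPLE).items():
        print(path, "; ".join(findings))
```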