Re: suid cdrecord and 2.6.9/2.6.10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 18, 2005 at 05:41:07PM -0200, Juliano Ravasi Ferraz wrote:
> Nifty Hat Mitch wrote:
> > For the short term try running it with sudo and not setting it SUID.
> > Sudo gives you some control over who can run it.  SUID opens it wide.
> 
> Dunno... A well written suid application is much more secure than the
> same application with sudo. 

True, but in this case it was not designed to run SUID.
sudo lets you specify specific accounts that you trust
to run it.   SUID lets anyone run it.

> > It is possible (under properties for the icon) in many cases to add
> > sudo to the command for the point and click iconic folks out there.
> 
> Icon? There is no icon for cdrecord... cdrecord is backend... If you
> mean K3b or whatever, it is not a good idea to run it sudo for the same
> reason above, and K3b itself only knows about `cdrecord´... not `sudo
> cdrecord´. I would have at least to write an intermediate script.

Like I said sudo is sometimes better than SUID.

I did the sudo thing X-cdroast iconic launcher to limit my pain
when low level hardware access was locked out in the kernel for
all but root.

The critical decision for me was one and only one change
to make now and undo later and not a system wide change 
for all user accounts.


-- 
	T o m  M i t c h e l l 
	spam unwanted email.
	SPAM, good eats, and a trademark of  Hormel Foods.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux