At 08:43 10/05/2003 +0200, you wrote:
On Sat, May 10, 2003 at 12:53:16AM +0200, José Luis Tallón wrote:
[...]
> *Since the program needs some SUID executables I do two things:
> - tell the user to run 'dpkg-reconfigure cdrecord' to enable recording for
> unprivileged users; warn about security implications
> - chown root.cdrom; chmod 4750 /usr/bin/{setScheduler,CDWverify} in the
> postinst, so that lintian does not give a warning.
[...]
Won't the program work if the devices (sr* and the corresponding
/dev/sg-device) are rw for the user webCDwriter runs as?
they can be rw for group cdrom ( they *should* remain owned by 'root' ),
which CDWserver setgid()s as.
It needs to be able to run cdrecord / mkisofs / growisofs / ... and access
the devices with the unprivileged user it runs as.
Your approach would help if the upstream did not check the permissions to
ensure they are SUID root, mode 4750.
I don't think it would be polite nor effective to include an enormous patch
in the first released version of the package, just to work this around.
I probably wouldn't try to make the required change - finding the
correct sg-device (with scsitools?) and changing it 0660 root:cdrom -
automatically, but just document it.
thanks for the suggestion.
cu andreas
Regards,
J.L.
