Hello,

I became aware of bug #164283 that seems to me security-related and -- even worse -- affects woody. I have not been able to exploit it easily (by burning /etc/shadow to a CD or something like that) but it really should be fixed IMHO. The attached patch should fix woody's package.

Torsten

-- 
Torsten Werner Dresden University of Technology
mailto:email@;twerner42.de telephone: +49 (351) 463 36711
http://www.twerner42.de/ telefax: +49 (351) 463 36809

diff -ru cdrtools-1.10/debian/cdrecord.postinst cdrtool-fix/debian/cdrecord.postinst --- cdrtools-1.10/debian/cdrecord.postinst Thu Nov 14 09:42:03 2002 +++ cdrtool-fix/debian/cdrecord.postinst Thu Nov 14 09:43:52 2002 @@ -12,9 +12,9 @@ RET=false db_get cdrecord/SUID_bit if [ "$RET" = "true" ]; then - cdrecord_mod=4755 + cdrecord_mod=4750 chown root.cdrom /usr/bin/cdrecord - chmod 4755 /usr/bin/cdrecord + chmod 4750 /usr/bin/cdrecord else chown root.root /usr/bin/cdrecord chmod 0755 /usr/bin/cdrecord
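
Review bot: in the `"$RET" = "true"` branch the mode is now written twice, once as `cdrecord_mod=4750` and once as the literal in `chmod 4750 /usr/bin/cdrecord`, so the two can drift apart on the next change; use `chmod "$cdrecord_mod" /usr/bin/cdrecord` so the variable is the single source of the value. Dropping the world-execute bit also means that, with the SUID option selected, only root and members of group cdrom can run /usr/bin/cdrecord at all. That is the point of the fix, but it is a user-visible behaviour change that the patch does not document: the debconf question text for cdrecord/SUID_bit and the changelog should say that users must be in group cdrom. A smaller style point on the unchanged context lines: `chown root.cdrom` and `chown root.root` use the dot separator, and `root:cdrom` / `root:root` is the form to prefer.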