Johann Peter Dirichlet <peterdirichlet.freesoftware@xxxxxxxxx> wrote:
> > There are two possible solutions:
> >
> > 1) Look at the turkish Linux distro that delivers a complete
> > uncastrated Linux, create a linux distro that includes the
> > needed features (make sure that these features cannot be
> > unconfigured) and send me a version so I can start implementing
> > support for fine grained privileges on Linux into cdrtools.
> >
> > 2) Continue to deliver a reduced Linux that does not give you the
> > choice for a different solution and live with the consequences
> > that force you to install cdrecord/readcd/cdda2wav suid root
> > in order to gain the needed privileges.
>
> It is a Linux kernel issue (make menuconfig)? Or just a "install this
> package in order to fine control cdrtools privileges"?
A Linux distro that is feasible for a non-root cdrecord would need to include
full support for fine grained privileges and the distro would need to make sure
that this cannot be turned off later.
This includes:
- Kernel support for fine grained privs
- Library support for above
- Support for automated raising of privileges for specific user land
programs.
This can either be done by something like pfexec(1) that itself is
very small (400 lines) and reads the databases in /etc/security
like /etc/security/exec_attr
Or it can be done by having a root filesystem that supports
mandatory access controls that act similar to suid root
but for fine grained privs.
Jörg
--
EMail:joerg@xxxxxxxxxxxxxxxxxxxxxxxxxxx (home) Jörg Schilling D-13353 Berlin
js@xxxxxxxxxxxxxxx (uni)
joerg.schilling@xxxxxxxxxxxxxxxxxxx (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
