Re: cdrdao insecure filehandling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jan 16, 2002 at 02:49:13PM +0100, martin f krafft wrote:
> but then you have to be root to burn CDs. there is a reason why cdrdao
> is setuid - it needs access to root-owned device files like /dev/scd0
> and /dev/sg0 (on Linux that is).

On RedHat's distribution, and I believe many others based on PAM, the owner
of those files (or any other so configured) is changed to the user on the
console when he loggs in.

The PAM module responsable for the change of permissions is pam_console.so,
and the file describing the permissions is /etc/security/console.perms.
Just see man pam_console for more details.

Regards,
Luciano Rocha

PS: obviously, I don't know whether Debian uses PAM or not...

-- 
Luciano Rocha, strange@nsk.yi.org

The trouble with computers is that they do what you tell them, not what
you want.
                -- D. Cohen

[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux