On Fri, 2004-08-20 at 18:57, Jeremy Katz wrote: > On Fri, 2004-08-20 at 12:47 -0400, Sean Middleditch wrote: > > k3b uses the cdrecord command line tool to do its work, iirc. You don't > > need to run k3b as root, just make cdrecord setuid. Which is exactly > > how the cdrecord author has always told people to use it. If you want > > to limit who can use cdrecord, change it's group and remove execute > > permissions for 'others'. Then only people in the group (or root) can > > execute cdrecord, and because its setuid root, it'll always work. > > ... > > which is a bad idea as I can now burn anything on the filesystem. Want > a copy of /etc/shadow to start cracking those passwords? Now you can > get one :) cdrecord drops all it's capabilities except the raw hw one...
Attachment:
signature.asc
Description: This is a digitally signed message part
