From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RqwLv-0002Bu-A2 for garchives@archives.gentoo.org; Sat, 28 Jan 2012 00:41:11 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 54227E090E; Sat, 28 Jan 2012 00:41:02 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id CCFF9E08F3 for ; Sat, 28 Jan 2012 00:40:13 +0000 (UTC) Received: from vapier.localnet (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 094161B4014 for ; Sat, 28 Jan 2012 00:40:13 +0000 (UTC) From: Mike Frysinger Organization: wh0rd.org To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] useless set*id binaries Date: Fri, 27 Jan 2012 19:41:12 -0500 User-Agent: KMail/1.13.7 (Linux/3.2.0; KDE/4.6.5; x86_64; ; ) References: <201201271914.45638.vapier@gentoo.org> <4F233EBF.8040504@gentoo.org> In-Reply-To: <4F233EBF.8040504@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1544466.VGpe6CK4AI"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201201271941.13417.vapier@gentoo.org> X-Archives-Salt: d2d2c796-9524-4081-9e4f-7c3fd0be1321 X-Archives-Hash: d9ba5048277a731d7ea412a55ec1c099 --nextPart1544466.VGpe6CK4AI Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable On Friday 27 January 2012 19:18:07 Samuli Suominen wrote: > On 01/28/2012 02:14 AM, Mike Frysinger wrote: > > along these lines, why is cdrtools set*id ? if we have a "cdrom" group, > > and we assign our cdroms/dvdroms to that group, then we already have > > access control in place and can skip the set*id. >=20 > cdrtools can't probe the drives without the binary being setuid, or the > user belonging to the 'disk' group (and even that is not enough in some > cases if the permissions vary) the drives are owned by the "cdrom" group and have group +rw. so if the us= er=20 is in the "cdrom" group, why can't they probe the drives ? "disk" owns the non-removable hard drives. $ ls -l /dev/sr0 /dev/sg0 /dev/sg6 crw-rw---- 1 root disk 21, 0 Jan 6 23:07 /dev/sg0 crw-rw---- 1 root cdrom 21, 6 Jan 6 23:07 /dev/sg6 brw-rw---- 1 root cdrom 11, 0 Jan 17 22:28 /dev/sr0 =2Dmike --nextPart1544466.VGpe6CK4AI Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iQIcBAABAgAGBQJPI0QpAAoJEEFjO5/oN/WBIsoQAMg4ERRWlT6GgemOKyE+aAOg 54so/XXudtMY3+Y6BjVgiGnS/WREMMoGL35j4IgUoQZhdl1oTzhy13emzbDrXLr8 dz0D0cfjPnhdHlUT50jFMI3t4ZTBcwuDbpvwKVDA3gUfNbZ+hXBwO7YF8u5M03gZ fGANO8FTttPTV/SfX0Pj9D2fyDx+VrqgfmfWYm+Ynr5MHnBe/7xFqjdE36cPsgai VOpZuoRKZFOFhqtVidg5Df9L7L30g9GxMYT+Hkh9BwSZnSXvbTKsDspA7Gd+Rat+ PSrdr/FjPNAbNhgEm1PHcdETs43GnoKAC7RBZCBGKIUt9xHEDv3LN4toibx5s9bY FufC72UGfvz8lk8RSfqFvvab6S2w9XYxBZOBxotnlKRR5xNcL+t/No8BF/iL+Cqz P+CNHQ7+KkMSgeDwrnwuWphq0kv6XwzSbLvr5tre9lCE1BbtLEyUV388pT5pDRCp hFB5nTx/Q+IX/ZqSfFaVvhOps5bvhGjkTkxl74q01LWf6t66bz7Nq8R2ujs19O0/ CBlFf4iMJboFpX17lzGx+IKPjs0md1WJWO0AOlViux0u7zCzpG9RQQT5JRJXritL ZMQABV2QRzqqwm0loiWFtMThAWEr3XUqbLef6c9kgsEjvuTPMWM9aLePwE1l3jqZ dy2YoGugZuetkBmQSp2Q =/TmY -----END PGP SIGNATURE----- --nextPart1544466.VGpe6CK4AI--