shouldn't cdrdao read-cd create the datafile with the real-uid as owner?
Files created with the euid are kind of anoying in sticky directories.
I suppose the propper fix would be to seteuid(getuid()) as soon as the
scsi devices are opened. Glancing through the code I'm not sure, this is
possible. I got the impression ScsiIf tries to re-open the device in
certain circumstances. Another idea is to setuid(getuid()) as soon as
possible and temporarily switch back to the old euid only when needed.
My current hack is to wrap the open() in CdrDriver::readDisc() in
apropriate seteuid() calls.
Thinking further about this issue, I suppose you should only allow
specially trusted users the right to use a setuid cdrdao. It reads the
toc file with full privileges. read-cd might be abused to overwrite
arbitrary files (even without malice, you might mistype ...).
ps: please keep me cc'ed
KeyID=759975BD fingerprint=887A 4BE3 6AB7 EE3C 4AE0 B0E1 0556 E25A 7599 75BD
Get latest updates about Open Source Projects, Conferences and News.