[Bug 63539] my 2 eurocents on this "cdrecord problem"

Andriy Tymchenko silpol at gmail.com
Fri Jan 19 12:57:04 GMT 2007


My bug https://launchpad.net/ubuntu/+source/gnomebaker/+bug/75330 has
been marked as a duplicate of this one, so I think it makes sense to put
feedback here too.

After I had filed the bug and waited, I also made a support request
https://launchpad.net/ubuntu/+ticket/2905 and the first reply gave me a
URL to an ubuntuforums posting where a temporary workaround is suggested.
It also made the overall picture more or less clear. There is a conflict
in understanding of security architecture between the author(s) of
cdrecord and Debian team member(s), which causes a deadlock. The cdrecord
author claims that cdrecord binaries shall have root-level access
(literally, the SUID bit set on) in order to gain performance-related
kernel features, and in his opinion it is completely safe to put SUID on.
The Debian team takes the opposite position, i.e. one should be
completely insane from a security point of view to put the SUID flag on
"just because the package author thinks so", and they refuse to put SUID
bits in the Debian distro.

As for now, I haven't had enough time to get into the issue deeper and
try to find a real solution (it doesn't seem to be on the surface IMHO).
I haven't dared to set SUID on my desktop PC, as I knew that SUID on a
completely unrelated binary might be used as an attack vector (I was a
security engineer for a few Debian-derived distros).

So, as a bottom line, I suggest two things on this:
1) someone from the Ubuntu team could get around cdrecord bugs (also all cdrecord-dependent packages' bugs) and try to sort out all of them as duplicates of this (or any other selected) bug
2) make an effort to find a security-safe solution to this problem, as it might need more serious effort than just plain bugfixing - the problem IS deeper, on the level of security architecture, and tweaking here and there hardly ever helps.

-- 
Can't burn CD-RW, CD-R etc in Gnome in Edgy Beta
https://launchpad.net/bugs/63539


