On Mon, 2005-11-28 at 09:27 -0600, Barry Brimer wrote:
There is a statement about burning CDs as a non-root user under 2.6.8+ kernels at the main page for cdrecord http://cdrecord.berlios.de/old/private/cdrecord.html The summary version is: Burn CDs as root.
FYI, that bug _never_ affected any Red Hat distro IIRC. It _only_ affects distros that suid on cdrecord. Red Hat removed suid on cdrecord as of Fedora Core 1 (along with countless other "security sanity checks" done in the move from RHL9 -> FC1), so _all_ releases with kernel 2.6 (FC2+, RHEL4+) don't have the issue. The overwhelming major of other distros did, and it was really a "Fedora moment" IMHO (especially when people were still bashing Red Hat and Fedora).
You actually do _not_ need suid on cdrecord. It's a common misnomer. Most distros set suid for A) so they don't have to set permissions proper on the CD record device and B) they get priority and increased memory access. Kernel 2.6.8.x+ now makes "B" impossible, as the kernel differentiates between access by a suid program and a program actually running as root. Jorg calls it a "bug," but it's Jorg's program that is crapping out when it isn't granted access it expects.
I _never_ run cdrecord as root on the console, I just use the console user which has the correct permissions to do such. Red Hat does it proper (starting with FC1, pre-kernel 2.6, so FC2+ had no issue). The overwhelming majority of distros did not when kernel 2.6.8.x+ came out.