On Mon, 2005-11-28 at 10:57 -0600, Alex White wrote:
Thanks Bryan and Ralph. Suid was set on cdrecord, I believe I did this on accident while testing something out with cdrecord and basically shot myself in the foot. Thats what happens when you follow a guide without question.
The kernel 2.6.8.x suid root security change is one of the most widely mis-understood changes. It doesn't help that Jorg (who I normally respect) says the kernel is broken, when it is is anything but broken.
I discovered that suid wasn't set on cdrecord in Fedora Core 1 when I was trying to record something remotely -- so the user didn't have device access, like in the past on RHL8/9. So I then did a comparison of suid between RHL8/9 and FC1 and saw all the things suid root had been removed from.
One of the two largest complaints about RHL prior to FC was the number of binaries suid root (the other being stupid inter-dependencies in the base packages). So I was surprised to see that cleaned up in FC1, and did some research confirming the "new attitude."
Appreciate the information and help. That was very informative Bryan, much obliged.
I was traveling and local to a LUG that was very anti-Red Hat, heavy Fedora bashers (this was when Fedora Core 2 had been released -- with all the heavy GCC, GLibC and kernel changes). It was a real vindication to say, "hey, Red Hat got it right with Fedora, they're listening!"
BTW, the simple "fix" is always (on any other distro): # chmod u-s `which cdrecord`