Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 310239

Summary: app-cdr/cdrtools: cdrecord is world-executable by default (proposal: change to group cdrw)
Product: Gentoo Security Reporter: Giuliano Gagliardi <gentoo>
Component: Default ConfigsAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: billie, nikoli
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 486318    
Bug Blocks:    

Description Giuliano Gagliardi 2010-03-19 15:16:31 UTC 
cdrecord is installed setuid-root and world-executable. Why not make default permissions "-rws--x--- root cdrw" as I think the the group cdrw exists exactly for this?

I might be wrong of course.

Reproducible: Always
Comment 1 Daniel Pielmeier gentoo-dev 2013-09-28 12:30:46 UTC 
Newer versions of cdrtools eg. cdrtools-3.01_alpha17 which I am about to stabilise use posix file system capabilities. Is this sufficient as a solution.
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-30 00:25:04 UTC 
Yes, ping back when you've stabilized new and removed the old versions (or you can use this bug for the stable)
Comment 3 Daniel Pielmeier gentoo-dev 2013-09-30 06:09:35 UTC 
I have already opened a bug for stabilization. It is on the depend list now.
Comment 4 Nikoli 2013-11-03 14:17:17 UTC 
Actually USE filecaps does not change anything now: all suid bins are still installed with suid, see bug #490272
Comment 5 Daniel Pielmeier gentoo-dev 2014-01-18 23:14:53 UTC 
Although bug #486318 is closed there is still /usr/sbin/rscsi left which is world executable. Maybe it is best to open a new bug about it and this one depend on the new one.
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2016-02-20 06:04:54 UTC 
fixed and any additional issues moved to other bugs