Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 23202 - cdrtools-2.01_alpha14 doesn't like SUID root
Summary: cdrtools-2.01_alpha14 doesn't like SUID root
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Arcady Genkin (RETIRED)
Depends on:
Reported: 2003-06-20 17:12 UTC by Sridhar Dhanapalan
Modified: 2004-09-03 19:51 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sridhar Dhanapalan 2003-06-20 17:12:00 UTC
Trying to burn with cdrecord (cdrtools-2.01_alpha14) as a user (not as root)
results in 3 lines of errors (see Actual Results). The CD still burns, but at
the greater risk of a buffer overrun (according to the errors, anyway).
Downgrading to cdrtools-1.11.40 makes the problem go away. The problem appears
to be explained in the changelog for cdrtools-2.01a13 (the version in which this
problem first occurs):

  -Cdrecord now resets euid to the uid of the caller (if called suid root)
  before it opens data files.

More information can be found in the Forum thread linked above. My opinion is
that the cdrtools 2.x series should NOT be marked as stable, at least until this
bug (which affects just about everyone who burns CDs) is fixed.

Reproducible: Always
Steps to Reproduce:
1. Make /usr/bin/cdrecord SUID root so you can burn as user (or create a cdrw
group for CD burning and add your user to it).
2. Try burning a CD with cdrecord as user
Actual Results:  
cdrecord spits out errors:

  cdrecord: Operation not permitted. WARNING: Cannot set RR-scheduler
  cdrecord: Permission denied. WARNING: Cannot set priority using setpriority().
  cdrecord: WARNING: This causes a high risk for buffer underruns.

After displaying these errors it proceeds to burn the CD.

Expected Results:  
These errors shouldn't occur and there should be no problems with burning as a user.

Portage 2.0.48-r1 (default-x86-1.4, gcc-3.2.2, glibc-2.3.1-r4)
System uname: 2.4.20-gentoo-r2-1 i686 AMD Athlon(TM) XP 2100+
CONFIG_PROTECT="/etc /var/qmail/control /usr/kde/2/share/config
/usr/kde/3/share/config /usr/X11R6/lib/X11/xkb /usr/kde/3.1/share/config
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
USE="x86 apm mikmod ncurses zlib cdr 3dnow mmx sse -objprelink oss alsa arts
-berkdb cups slp esd dvd avi mpeg quicktime xmms oggvorbis flash encode gif jpeg
png tiff ggz gpm gtk gtk2 bonobo gnome gnome-libs gtkhtml evo gb guile imlib
motif mozilla spell truetype freetype freetype2 xml xml2 pdflib -nas -nls pam
ssl crypt perl -mysql -postgres -odbc gdbm python qt qtmt kde readline -ruby
java slang libwww libg++ tcltk tcpd xface tex X dga opengl xv -directfb fbcon
svga aalib ggi sdl -samba"
CFLAGS="-march=athlon-xp -mcpu=athlon-xp -O3 -pipe -m3dnow -msse -mfpmath=sse
-mmmx -fforce-addr -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop
-frerun-loop-opt -falign-functions=4 -maccumulate-outgoing-args -ffast-math
CXXFLAGS="-march=athlon-xp -mcpu=athlon-xp -O3 -pipe -m3dnow -msse -mfpmath=sse
-mmmx -fforce-addr -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop
-frerun-loop-opt -falign-functions=4 -maccumulate-outgoing-args -ffast-math
FEATURES="ccache digest sandbox"
Comment 1 Arcady Genkin (RETIRED) gentoo-dev 2003-07-14 11:54:08 UTC
So, is cdrecord binary SUID root?  Could you show an "ls -l" on it?  (Just checking).
Comment 2 Sridhar Dhanapalan 2003-07-14 19:09:32 UTC
# ls -l /usr/bin/cdrecord
-rwsrwsr--    1 root     cdrw       292364 Jun 11 13:55 /usr/bin/cdrecord
Comment 3 Heinrich Wendel (RETIRED) gentoo-dev 2003-12-06 12:51:26 UTC
what about alpha18?
Comment 4 Heinrich Wendel (RETIRED) gentoo-dev 2003-12-16 12:16:08 UTC
please try alpha18
Comment 5 Lars Weiler (RETIRED) gentoo-dev 2004-09-03 07:39:55 UTC
No Info given.  Just closing.
Comment 6 Sridhar Dhanapalan 2004-09-03 19:51:23 UTC
Sorry for not responding.

cdrtools-2.01_alpha28-r1 works fine.