https://bugzilla.novell.com/show_bug.cgi?id=550021
https://bugzilla.novell.com/show_bug.cgi?id=550021#c108
--- Comment #108 from Marcus Meissner 2013-05-16 16:38:23 UTC ---
So let me give you a highlevel security requirements overview.
When adding cdrtools to openSUSE distribution, additional permissions of the 3
binaries here are for the following security target:
"Reliable CD/DVD/BlueRay reading and writing/burning on a locally attached
device."
Not in scope for additional permissions:
- non-CD SCSI devices
- remote access via librscg
- full set of permissions required for all libscg/librscg usages outside of the
"CD" device type scope.
For these out of scope things the "root" user can run the cdrtools and be
happy.
For the evaluation:
For me the baseline functionality of CD reading and burning is possible for
users WITHOUT any additional permissions.
So the baseline of the tools is mode 755, and no additional fscaps.
What we now can consider to allow is more "reliability", e.g. looking at:
- sys_nice to keep priority
- device glitch support that might then need sys_rawio
(although I can send _all_ SCSI commands to my libgphoto2 SCSI cameras, so it
must be something different I am not aware of.)
- memory locking / DMA requirements to keep memory <-> burner transfers running
reliable
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.