![](https://seccdn.libravatar.org/avatar/e6e477fc4ab7634f3ed96f356b548e1c.jpg?s=120&d=mm&r=g)
On Wed, Nov 21, 2012 at 05:53:36PM +0100, Joerg Schilling wrote:
Marcus Meissner
wrote: On Wed, Nov 21, 2012 at 05:24:22PM +0100, Juergen Weigert wrote: [ 8< ]
$ osc sr multimedia:apps cdrtools openSUSE:Factory
Not with a setuid root binary.
Well, it is not my fault when people at Suse neither understand why special privileges are needed, nor introduce a non-removable method into their OS base that would ppermit to get these special privileges without being root.
a) cdrtools isn't part of the default software set included with the openSUSE standard/ default software repositories. It's neither in the oss, the non-oss nor in the update repository of openSUSE versions 12.1, 12.2 or Factory. With a default openSUSE install cdrtools aren't available or visible to the users. cdrtools is available from the multimedia:apps repository only. You can only find it via http://software.openSUSE.org/ if you enable the extended, non standard search. You must click on the 'Show unstable packages' labled link. The cdrtools package as available from the multimedia:apps repository is maintained by an openSUSE community member. Dave isn't working for SUSE. He does this as a service to the community. And we all appreciate his work and efforts. We all also prefer if the person doing the actual work gets the reward from you and not SUSE or openSUSE in general as you write on you web page. Please also be this nice to update your web page¹ to reference the correct location behind the link labled 'OpenSuSE cdrecord packet'. The current link is limited to the i586 architecture and doesn't lead to any cdrtools or cdrecord packages. As you sound much like a correct person I must stress the right capitalization of the project name. It is openSUSE and not OpenSuSE as you use it at your cdrecord web page¹. Please be this nice to correct this too while you update your page. b) The whole cdrtools/ cdrecord situation isn't a fault caused by SUSE. Please blame Linux in general for this (as you do¹). And if you like cdrtools to work properly please be this nice to work in a cooperative manner with the community on a solution. Blaming and pointing with fingers at others doesn't drive the issue forward. I'm sure the Linux security community will appreciate and welcome your help, feedback, and input.
We did this for Solaris _many_ years ago, as long as Suse does not offer the needed properties, cdrecord, readcd and cdda2wav need to be installed suid root.
You're invited to work with the Linux security community on the privileges issue. I'm sure you're smart enough to get this solved! If this isn't a challenge to you I appreciate if you update your web site, reference to this dicussion with a link to the web archive of this thread², and afterwards we're all happy no longer to see the same non moving forward discussion again and again. Cause you and we all have better things to do. Thanks, Lars ¹ http://cdrecord.berlios.de/private/linux-dist.html ² http://lists.openSUSE.org/opensuse-factory/2012-11/msg00663.html -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team + SUSE Labs SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany