View Poll Results: Am I being paranoid?
Yes, you're being paranoid: 2 votes (100.00%)
You can't be paranoid enough: 0 votes (0%)
03-01-2006, 08:53 AM | #1
Member | Registered: Sep 2004 | Location: Old York, North Yorks. | Distribution: Debian 7 (mainly) | Posts: 653
Package install from online repository, security and paranoia
I installed the k3b mad package yesterday from one of the Packman mirrors (packman.iu-bremen.de) to allow burning of audio CDs from mp3 (which also updated a number of other packages to resolve dependencies). Following this, a configuration warning opened up when I restarted k3b telling me that I could experience problems with burning CDs as k3b was not configured to run with root privileges. I took the option to update k3b's configuration, entering the root password.
I have been worrying since about the possibility of an exploit being installed in this way. On the one hand:
- The installation was done through YaST, which requires the root password to run anyway, so it seems that any exploit would not require this to be entered a second time.
- Packman's repositories are generally a trusted source.
- I have had CD burning failures in the past, which seemed to be due to k3b not running with root privileges.
However:
- I could run k3b as root when necessary, by launching it from the command line with sudo / su root.
What do you all think?
Rob
Last edited by Robhogg; 03-01-2006 at 08:56 AM.
03-01-2006, 10:42 AM | #2
Member | Registered: Mar 2005 | Posts: 130
Quote:
Originally Posted by Robhogg
I installed the k3b mad package yesterday from one of the Packman mirrors (packman.iu-bremen.de) to allow burning of audio CDs from mp3 (which also updated a number of other packages to resolve dependencies). Following this, a configuration warning opened up when I restarted k3b telling me that I could experience problems with burning CDs as k3b was not configured to run with root privileges. I took the option to update k3b's configuration, entering the root password.
I have been worrying since about the possibility of an exploit being installed in this way. On the one hand:
- The installation was done through YaST, which requires the root password to run anyway, so it seems that any exploit would not require this to be entered a second time.
- Packman's repositories are generally a trusted source.
- I have had CD burning failures in the past, which seemed to be due to k3b not running with root privileges.
However:
- I could run k3b as root when necessary, by launching it from the command line with sudo / su root.
What do you all think?
Rob
|
I run all that stuff as normal user. You need to make sure your dvd is writable by users: chmod 666 /dev/dvd or whatever you have as your dvd burner. Then make cdrecord and all the other cd/dvd recording programs owned by root but runnable by users; chmod 4755 cdrecord.
You shouldn't have to do your cd/dvd burning as root, ever. All you may have to do is make sure your burner is world writable as above. The rest may not even be necessary.
03-02-2006, 06:20 AM | #3
Member (Original Poster) | Registered: Sep 2004 | Location: Old York, North Yorks. | Distribution: Debian 7 (mainly) | Posts: 653
Hmm...
After doing the configuration as I described, ls -l `which k3b` gives:
-rwxr-xr-x 1 root root 2209828 2006-02-28 10:42 /opt/kde3/bin/k3b
and ls -l `which cdrecord` gives:
-rwxr-xr-x 1 root root 336668 2005-09-09 17:40 /usr/bin/cdrecord
I had actually expected that the permissions would have been set to the equivalent of 4755 - i.e. with setuid root (-rwsr-xr-x). Any idea what else it could have done?
Thanks,
Rob
Last edited by Robhogg; 03-02-2006 at 06:23 AM.
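Added example, not part of the thread: a shell check for the permission facts the posts compare (the setuid bit that chmod 4755 sets, the world-writable bit that chmod 666 sets), read from the same ls -l mode field quoted above. The names classify_mode and audit_path are hypothetical, and the rpm -Vf step assumes an RPM-based system such as the one YaST runs on.

```shell
#!/bin/sh
# Added example, not code from the thread. classify_mode and audit_path are
# hypothetical helper names; the paths audited are whatever you pass in.

# classify_mode MODESTRING: interpret an `ls -l` mode field, e.g. -rwsr-xr-x.
# Column 4 is the owner execute slot (s/S = setuid), column 7 the group
# execute slot (s/S = setgid), column 9 the "other" write bit.
classify_mode() {
    flags=""
    case $1 in ???[sS]*) flags="$flags setuid" ;; esac
    case $1 in ??????[sS]*) flags="$flags setgid" ;; esac
    case $1 in ????????w*) flags="$flags world-writable" ;; esac
    flags=${flags# }
    echo "${flags:-plain}"
}

# audit_path PATH: print mode, owner uid and classification for one path.
audit_path() {
    if [ ! -e "$1" ]; then
        echo "$1: missing"
        return 0
    fi
    # -L follows symlinks, so a link such as /dev/dvd reports the device node.
    mode=$(ls -ldL -- "$1" | cut -c1-10)
    uid=$(ls -ldLn -- "$1" | awk '{print $3}')
    echo "$1: $mode uid=$uid $(classify_mode "$mode")"
    # Assumption: RPM-based system. rpm -Vf verifies the package that owns
    # the file against the RPM database; an "M" in a result line means the
    # file's mode differs from what the package installed.
    if command -v rpm >/dev/null 2>&1; then
        rpm -Vf "$1" 2>/dev/null || true
    fi
}

# Audit every path given on the command line, for example:
#   sh audit.sh "$(command -v k3b)" "$(command -v cdrecord)" /dev/dvd
for p in "$@"; do
    audit_path "$p"
done
```

A setuid flag matters most when the reported uid is 0, since the program then runs as root for every user who can execute it.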