[luau] Duplicating Music CD
W. Wayne Liauh
LiauhW001 at Hawaii.rr.com
Mon Dec 9 14:32:01 PST 2002
Vince Hoang wrote:
>With SUID, the application runs as root anyway. You merely
>avoid the process of having to su or sudo. I look at cd writing
>utilities in similar light to dd and mkfs.
>
>
Hi Vince-
Since I expect the majority of our readers don't have UNIX background, I
believe your statement needs to be qualified to some extent.
When running as root, you leave your "entire computer" open for security
attacks. Whereas, with SUID, you only allow a specific program to
invoke process(es) that would otherwise require something equivalent to
a root privilege. In other words, with SUID, instead of blanket
privileges, only very limited extent of privileges are granted. SUID is
an ingenious way to provide compromised convience and security.
Most end users, however, do not notice the security issue. What happens
in the real world if you run grip (or any other Linux CD ripping
program) as root is that, instead of being in your home directory, the
ripped/encoded files will be stored in the root directory. After you
spend hours thinking you've copied your favorite CDs into your hard but
could find them, then you will really hear someone cursing.
Anyway, if there is anything that desperately needs to be improved in
Linux, it is the audio copying capability.
More information about the LUAU
mailing list