[luau] Duplicating Music CD

Vince Hoang luau at ml.altern8.net
Mon Dec 9 15:40:00 PST 2002


Hi Wayne,

On Mon, Dec 09, 2002 at 02:35:13PM -1000, W. Wayne Liauh wrote:
> Since I expect the majority of our readers don't have UNIX
> background, I believe your statement needs to be qualified to
> some extent.

I will try to clarify more.

> When running as root, you leave your "entire computer" open for
> security attacks. Whereas, with SUID, you only allow a specific
> program to invoke process(es) that would otherwise require
> something equivalent to a root privilege. In other words, with
> SUID, instead of blanket privileges, only very limited extent
> of privileges are granted. SUID is an ingenious way to provide
> compromised convenience and security.

Assuming that the program is world executable, having SUID root
actually makes it less secure. Without the SUID bit set, only
users that you trust can run the program. With it set, anyone with
a valid login can run it. The reason why this is especially
dangerous is due to the buffer overflow. If a malicious user has
access to a program running SUID root, the bug can be exploited
and give the malicious user root privileges. Without the SUID bit
set, the program can still be exploited, but it is a moot point
because you would already need to have root privileges to run
it.

If you have a list of users that you want to be able to run
cdparanoia, then, without RBAC, you should use sudo. So users
log in as themselves. When cdparanoia is needed, they run the
program as `sudo cdparanoia`.

Without something like sudo, you can put them all into a group
and only let those members be able to execute it. Assuming you
have a group cdrw, you can set ownership and permissions of
cdparanoia to root:cdrw, mode 4110. Then, only users belonging to
the cdrw group can run cdparanoia.

> Most end users, however, do not notice the security issue. What
> happens in the real world if you run grip (or any other Linux
> CD ripping program) as root is that, instead of being in your
> home directory, the ripped/encoded files will be stored in the
> root directory. After you spend hours thinking you've copied
> your favorite CDs into your hard but could find them, then you
> will really hear someone cursing.

This can be alleviated by not logging in as root. Instead, you
can use su or sudo. For the most part, these utilities will keep
your environment intact.

> Anyway, if there is anything that desperately needs to be
> improved in Linux, it is the audio copying capability.

I have really digressed. Linux needs a lot of things to get
buy-in from end users. A little more happens each year, but I hope
not at the cost of security.

-Vince
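
Added example, not part of the original message: a shell audit that finds
set-UID programs and separates those anyone can execute from those limited
to the file's group, the root:cdrw mode 4110 layout described above. The
function names and the constructed temporary tree are assumptions for
illustration; the owner defaults to root.

```shell
#!/bin/sh
# Added example (not from the original post). Audits a directory tree for
# set-UID programs and reports who is allowed to execute each one.
# Assumption: OWNER defaults to root; pass another user to try it without root.

# List set-UID files owned by OWNER that any local user may execute.
suid_world_exec() {
    dir=$1; owner=${2:-root}
    find "$dir" -xdev -type f -user "$owner" \
        -perm -4000 -perm -0001 -print 2>/dev/null | sort
}

# List set-UID files owned by OWNER that the file's group may execute but
# other users may not (the root:cdrw, mode 4110 layout from the message).
suid_group_only() {
    dir=$1; owner=${2:-root}
    find "$dir" -xdev -type f -user "$owner" \
        -perm -4000 -perm -0010 ! -perm -0001 -print 2>/dev/null | sort
}

# Demo on a constructed tree so nothing on the real system is touched.
demo() {
    tmp=$(mktemp -d) || return 1
    me=$(id -u)
    for f in open_suid group_suid plain; do : > "$tmp/$f"; done
    chmod 4111 "$tmp/open_suid"    # set-UID, executable by everyone
    chmod 4110 "$tmp/group_suid"   # set-UID, owner and group only
    chmod 0755 "$tmp/plain"        # no set-UID bit
    echo "world-executable set-UID:"
    suid_world_exec "$tmp" "$me"
    echo "group-restricted set-UID:"
    suid_group_only "$tmp" "$me"
    rm -rf "$tmp"
}

demo
```

On a real system, `suid_world_exec /usr` lists the set-UID root programs that every account can reach; each entry is a candidate for group restriction or for replacement with a sudo rule.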


