[arch-general] An old, tiresome discussion: cdrtools vs cdrkit

Joerg Schilling Joerg.Schilling at fokus.fraunhofer.de
Thu Jan 28 04:36:48 EST 2010


Johann Peter Dirichlet <peterdirichlet.freesoftware at gmail.com> wrote:

> > There are two possible solutions:
> >
> > 1)      Look at the Turkish Linux distro that delivers a complete
> >        uncastrated Linux, create a Linux distro that includes the
> >        needed features (make sure that these features cannot be
> >        unconfigured) and send me a version so I can start implementing
> >        support for fine grained privileges on Linux into cdrtools.
> >
> > 2)      Continue to deliver a reduced Linux that does not give you the
> >        choice for a different solution and live with the consequences
> >        that force you to install cdrecord/readcd/cdda2wav suid root
> >        in order to gain the needed privileges.
>
> Is it a Linux kernel issue (make menuconfig)? Or just an "install this
> package in order to fine control cdrtools privileges"?

A Linux distro that is feasible for a non-root cdrecord would need to include
full support for fine grained privileges and the distro would need to make sure 
that this cannot be turned off later.

This includes:

-	Kernel support for fine grained privs

-	Library support for above

-	Support for automated raising of privileges for specific user land 
	programs.

	This can either be done by something like pfexec(1) that itself is
	very small (400 lines) and reads the databases in /etc/security
	like /etc/security/exec_attr

	Or it can be done by having a root filesystem that supports
	mandatory access controls that act similar to suid root
	but for fine grained privs.

Jörg

-- 
 EMail:joerg at schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js at cs.tu-berlin.de                (uni)  
       joerg.schilling at fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
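
The message above contrasts installing cdrecord suid root with a pfexec(1)-style helper that reads /etc/security/exec_attr. The following is an added example, not part of the original email and not pfexec's own code: it parses lines in the exec_attr(4) field layout and shows which privileges a matching entry would grant. The sample entries, profile names and helper function names are constructed for illustration.

```python
# Added illustration: resolve what a pfexec-like helper would grant from
# exec_attr(4)-style lines. All sample entries below are constructed.
from typing import NamedTuple, Optional

SAMPLE_EXEC_ATTR = """\
# name:policy:type:res1:res2:id:attr   (constructed sample entries)
CD Burning:solaris:cmd:::/usr/bin/cdrecord:privs=file_dac_read,sys_devices,proc_lock_memory
CD Burning:solaris:cmd:::/usr/bin/readcd:privs=file_dac_read,sys_devices
Legacy Admin:suser:cmd:::/usr/bin/cdrecord:euid=0
"""

class Entry(NamedTuple):
    profile: str
    policy: str
    path: str
    attrs: dict

def parse_exec_attr(text: str) -> list:
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 6)
        if len(fields) != 7 or fields[2] != "cmd":
            continue  # malformed or non-command entry: it grants nothing
        name, policy, _type, _res1, _res2, path, attr = fields
        attrs = {}
        for pair in filter(None, attr.split(";")):
            key, sep, value = pair.partition("=")
            if sep:  # privilege sets are comma-separated lists
                attrs[key] = value.split(",") if key in ("privs", "limitprivs") else value
        entries.append(Entry(name, policy, path, attrs))
    return entries

def resolve(entries: list, user_profiles: list, path: str) -> Optional[Entry]:
    """First match in the user's profile order wins; None means run unprivileged."""
    for profile in user_profiles:
        for entry in entries:
            if entry.profile == profile and entry.path == path:
                return entry
    return None

def grants_full_root(entry: Entry) -> bool:
    """True when the entry is equivalent to suid root rather than a narrow privilege set."""
    a = entry.attrs
    return a.get("euid") == "0" or a.get("uid") == "0" or "all" in a.get("privs", [])
```
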

