Replaced setuid blocker by warning. People must know themselves what they do.

This commit is contained in:
Thomas Schmitt 2006-12-09 11:09:42 +00:00
parent 653af025b1
commit 7aca0c40a4
2 changed files with 16 additions and 14 deletions

View File

@ -1960,7 +1960,8 @@ set_dev:;
"blanking and burning see output of option -help rather than --help.\n"); "blanking and burning see output of option -help rather than --help.\n");
printf("Non-cdrecord options:\n"); printf("Non-cdrecord options:\n");
printf(" --abort_handler do not leave the drive in busy state\n"); printf(" --abort_handler do not leave the drive in busy state\n");
printf(" --allow_setuid disable setuid blocker (very insecure !)\n"); printf(
" --allow_setuid disable setuid warning (setuid is insecure !)\n");
printf( printf(
" --any_track allow source_addresses to match '^-.' or '='\n"); " --any_track allow source_addresses to match '^-.' or '='\n");
printf(" --demand_a_drive exit !=0 on bus scans with empty result\n"); printf(" --demand_a_drive exit !=0 on bus scans with empty result\n");
@ -2187,18 +2188,6 @@ final_checks:;
if(flag&1) if(flag&1)
goto ex; goto ex;
if(o->allow_setuid==0 && getuid()!=geteuid()) {
fprintf(stderr,
"cdrskin: SORRY : uid and euid differ. Will abort for safety concerns.\n");
fprintf(stderr,
"cdrskin: HINT : Consider to allow rw-access to the writer device and\n");
fprintf(stderr,
"cdrskin: HINT : to run cdrskin under your normal user identity.\n");
fprintf(stderr,
"cdrskin: HINT : Option --allow_setuid disables this safety check.\n");
ret= 0; goto ex;
}
if(strlen(o->raw_device_adr)>0 && !o->no_whitelist) { if(strlen(o->raw_device_adr)>0 && !o->no_whitelist) {
int driveno,hret; int driveno,hret;
char *adr,buf[Cdrskin_adrleN]; char *adr,buf[Cdrskin_adrleN];
@ -5497,6 +5486,19 @@ int Cdrskin_run(struct CdrskiN *skin, int *exit_value, int flag)
int ret; int ret;
*exit_value= 0; *exit_value= 0;
if(skin->preskin->allow_setuid==0 && getuid()!=geteuid()) {
fprintf(stderr,"\n");
fprintf(stderr,"cdrskin: WARNING : THIS PROGRAM WAS TREATED WITH chmod u+s WHICH IS INSECURE !\n");
fprintf(stderr,
"cdrskin: HINT : Consider to allow rw-access to the writer device and\n");
fprintf(stderr,
"cdrskin: HINT : to run cdrskin under your normal user identity.\n");
fprintf(stderr,
"cdrskin: HINT : Option --allow_setuid disables this safety check.\n");
fprintf(stderr,"\n");
}
if(skin->do_devices) { if(skin->do_devices) {
if(skin->n_drives<=0 && skin->preskin->scan_demands_drive) if(skin->n_drives<=0 && skin->preskin->scan_demands_drive)
{*exit_value= 4; goto no_drive;} {*exit_value= 4; goto no_drive;}

View File

@ -1 +1 @@
#define Cdrskin_timestamP "2006.12.03.204709" #define Cdrskin_timestamP "2006.12.09.111108"