Date: Thu, 3 Feb 2005 20:45:19 +0100 From: FreeBsdBeni <freebsdbeni@spymac.com> To: freebsd-questions@freebsd.org Subject: Re: problems running k3b in fluxbox with sudo Message-ID: <200502032045.19768.freebsdbeni@spymac.com> In-Reply-To: <011101c508b7$226e0480$c900a8c0@ostros> References: <42001124.2030804@fusemail.com> <011101c508b7$226e0480$c900a8c0@ostros>
next in thread | previous in thread | raw e-mail | index | archive | help
> ----- Original Message ----- > From: "Brian John" <brianjohn@fusemail.com> > To: <freebsd-questions@freebsd.org> > Sent: Tuesday, February 01, 2005 3:30 PM > Subject: problems running k3b in fluxbox with sudo > > > When I try to run k3b in fluxbox with sudo, I get this error message: > > 'Unable to find growisofs executable'. Any clue what would cause this?= =20 > > I can't burn DVDs until I get it resolved... > > =46rom the Notes-section in "man growisofs" : NOTES If executed under sudo(8) growisofs refuses to start. This is done = for the following reason. Naturally growisofs has to access the data set= to be recorded to DVD media, either indirectly by letting mkisofs gener= ate ISO9660 layout on-the-fly or directly if a pre-mastered image is to= be recorded. Being executed under sudo(8), growisofs effectively gra= nts sudoers read access to any file in the file system. The situation= is intensified by the fact that growisofs parses MKISOFS environment va= ri- able in order to determine alternative path to mkisofs executa= ble image. This means that being executed under sudo(8), growisofs eff= ec- tively grants sudoers right to execute program of their choice w= ith elevated privileges. If you for any reason still find the above acce= pt- able and are willing to take the consequences, then consider runn= ing following wrapper script under sudo(8) in place for real growis= ofs binary. #!/bin/ksh unset SUDO_COMMAND export MKISOFS=3D/path/to/trusted/mkisofs exec growisofs "$@" But note that the recommended alternative to the above "workaround"= is actually to install growisofs set-root-uid, in which case it will d= rop privileges prior accessing data or executing mkisofs in order to p= re- clude unauthorized access to the data. I have to start k3b with "kdesu k3b", not just "sudo". Then it finds growis= ofs=20 and it all works. =20 Beni.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502032045.19768.freebsdbeni>