Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 Feb 2005 20:45:19 +0100
From:      FreeBsdBeni <freebsdbeni@spymac.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: problems running k3b in fluxbox with sudo
Message-ID:  <200502032045.19768.freebsdbeni@spymac.com>
In-Reply-To: <011101c508b7$226e0480$c900a8c0@ostros>
References:  <42001124.2030804@fusemail.com> <011101c508b7$226e0480$c900a8c0@ostros>
next in thread | previous in thread | raw e-mail | index | archive | help 
> ----- Original Message -----
> From: "Brian John" <brianjohn@fusemail.com>
> To: <freebsd-questions@freebsd.org>
> Sent: Tuesday, February 01, 2005 3:30 PM
> Subject: problems running k3b in fluxbox with sudo
>
> > When I try to run k3b in fluxbox with sudo, I get this error message:
> > 'Unable to find growisofs executable'.  Any clue what would cause this?=
=20
> > I can't burn DVDs until I get it resolved...
> >
=46rom the Notes-section in "man growisofs" :

NOTES
       If executed under sudo(8) growisofs refuses to start. This is done  =
for
       the following reason. Naturally growisofs has to access the data set=
 to
       be recorded to DVD media, either indirectly by letting mkisofs gener=
ate
       ISO9660  layout on-the-fly or directly if a pre-mastered image is to=
 be
       recorded. Being executed under sudo(8),  growisofs  effectively  gra=
nts
       sudoers  read  access  to any file in the file system. The situation=
 is
       intensified by the fact that growisofs parses MKISOFS environment va=
ri-
       able  in  order  to  determine  alternative  path to mkisofs executa=
ble
       image. This means that being executed under sudo(8),  growisofs  eff=
ec-
       tively  grants  sudoers  right  to execute program of their choice w=
ith
       elevated privileges. If you for any reason still find the above acce=
pt-
       able  and  are  willing to take the consequences, then consider runn=
ing
       following wrapper script under sudo(8)  in  place  for  real  growis=
ofs
       binary.

            #!/bin/ksh
            unset SUDO_COMMAND
            export MKISOFS=3D/path/to/trusted/mkisofs
            exec growisofs "$@"

       But  note that the recommended alternative to the above "workaround"=
 is
       actually to install growisofs set-root-uid, in which case it will  d=
rop
       privileges  prior  accessing data or executing mkisofs in order to p=
re-
       clude unauthorized access to the data.


I have to start k3b with "kdesu k3b", not just "sudo". Then it finds growis=
ofs=20
and it all works.
=20
Beni.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502032045.19768.freebsdbeni>