--- cdrkit/doc/READMEs/README.ATAPI.setup

+++ cdrkit/doc/READMEs/README.ATAPI.setup

@@ -29,7 +29,7 @@ cdrom group ("adduser user cdrom") and let the user completely logout and

 re-login.

 Note: with certain kernel versions wodim can fail with this message:

 "wodim: Operation not permitted. Cannot send SCSI cmd via ioctl"

-In this case it still does need the suid bit - please send patches if you have

+In this case it still does need the SUID bit - please send patches if you have

 identified the reason of that problem.

 Kernel 2.4.* (for 2.5/2.6, see above)

@@ -81,7 +81,8 @@ Where we start:

    (read wodim(1), "man 1 wodim", for details)

 10. If you wish to allow non-root users to write CDs, you must give them 

-    permissions to do so. Set suid-root permissions on the executable,

+    permissions to do so. Set SUID root permissions on the executable,

     then add your users to the cdrom group ("adduser user cdrom") and

-    let the user completely logout and re-login.

+    let the user completely logout and re-login.  Be sure to refer to

+    README.suidroot to get informed of the security risk.

--- cdrkit/doc/READMEs/README.suidroot

+++ cdrkit/doc/READMEs/README.suidroot

@@ -1,29 +1,38 @@

-This is an example of how to install wodim and other cdrkit applications to get

-the root permissions in a safer way.

+This is an example of how to install wodim and some other cdrkit applications

+(only those that specifically support this mode of installation!) to get the

+root permissions in a safer way (compared to use of su, sudo, or the like).

-Usually it is not a good idea to run the applications as root or to

-give users the means to run wodim as root. This gives them an easy way

+Usually it is not a good idea to give users (including your very own non-root

+account) the means to run wodim as root. This gives them an easy way

 to fetch sensitive data by writing it to the disk, or pass arbitrary

 SCSI commands, e.g. formatting a SCSI disk.

 This also applies to root-mode wrappers like sudo, they should be used with

 the most possible care.

-The alternative way is installing wodim as suid-root application. In this

+The alternative way is installing wodim as SUID root application. In this

 mode, wodim checks permission of the device access by comparing the ownership

 of the device node user/group attributes for the real UID/GID of the calling

 user.

-To give all user access to use wodim, enter:

+To give all users access to use wodim (usually a bad idea!), enter:

-   chown root /usr/local/bin/wodim

-   chmod 4711 /usr/local/bin/wodim

+   chown root /usr/bin/wodim

+   chmod 4711 /usr/bin/wodim

-To give a restricted group of users access to wodim, add a group

-"cdburners" to your system and add the trusted users to this group.

+To give a restricted group of users access to wodim, at your own risk, add a

+group "cdburners" to your system and add the trusted users to this group.

 Then enter:

-   chown root:cdburners /usr/local/bin/wodim

-   chmod 4710 /usr/local/bin/wodim

+   chown root:cdburners /usr/bin/wodim

+   chmod 4710 /usr/bin/wodim

+

+Please note that by "giving access to wodim" as illustrated above, you actually

+permit those user accounts to invoke portions of code in wodim, as well as in

+system libraries, as root.  This allows any one of those users, or whoever

+might have compromised any of the accounts, to mount attacks on potential

+vulnerabilities in those code paths - and potentially obtain root privileges.

+However, compared to use of sudo (or the like), which would run the entire

+wodim program as root, this is a security improvement.

--- cdrkit/genisoimage/genisoimage.1

+++ cdrkit/genisoimage/genisoimage.1

@@ -2578,11 +2578,6 @@ combinations of the hide options ...

 .\" ----------------------------------------

 .SH NOTES

 .PP

-.B genisoimage

-may safely be installed suid root. This may be needed to allow

-.B genisoimage

-to read the previous session when creating a multisession image.

-.PP

 If 

 .B genisoimage 

 is creating a filesystem image with Rock Ridge attributes and the

@@ -2594,13 +2589,23 @@ This results in a directory called

 .B RR_MOVED

 in the root directory of the CD. You cannot avoid this directory.

 .PP

-Many boot code options for different platforms are mutualy exclusive because

+Many boot code options for different platforms are mutually exclusive because

 the boot blocks cannot coexist, ie. different platforms share the same data

 locations in the image. See

 http://lists.debian.org/debian-cd/2006/12/msg00109.html for details.

 .\" ----------------------------------------

 .SH BUGS

 .PP

+.B genisoimage

+is not designed to handle untrusted directory trees - that is, those where

+at least one directory entry was previously or is currently under control

+of a potential attacker.

+When

+.B genisoimage

+is used on such a tree, compromise of the account running

+.B genisoimage

+(often root) may result.

+.PP

 Any files that have hard links to files not in the tree being copied to the

 ISO9660 filesystem will have an incorrect file reference count.

 .PP

@@ -2761,7 +2766,8 @@ is derived from

 from the

 .B cdrtools 2.01.01a08

 package from May 2006 (with few updates extracted from cdrtools 2.01.01a24 from

-March 2007) from .IR http://cdrecord.berlios.de/ ,

+March 2007) from

+.IR http://cdrecord.berlios.de/ ,

 but is now part of the

 .B cdrkit

 suite, maintained by Joerg Jaspert, Eduard Bloch, Steve McIntyre, Peter

--- cdrkit/readom/readom.1

+++ cdrkit/readom/readom.1

@@ -360,9 +360,11 @@ login shell.

 .PP

 Unless you want to risk getting problems,

 .B readom

-should be run as root. If you don't want to allow users to become root on your system,

+should be run as root.

+As an option,

 .B readom

-may safely be installed suid root.

+may be installed SUID root

+(at your own risk and restricting access to a trusted group of users).

 For more information see the additional notes of your system/program

 distribution or README.suidroot which is part of the Cdrkit source.

 .PP

--- cdrkit/wodim/wodim.1

+++ cdrkit/wodim/wodim.1

@@ -72,8 +72,9 @@ and

 .PP

 In any case, the user running 

 .B wodim

-needs read and write access to the particular device file on a Linux system. It

-is recommended to be root or install the application as suid-root, because

+needs read and write access to the particular device file on a Linux system.

+It is recommended to be root or install the application as SUID root (at your

+own risk and restricting access to a trusted group of users), because

 certain versions of Linux (kernel) limit the set of SCSI commands allowed for

 non-root users. Even if usage without root identity is possible in many cases,

 some device drivers still may fail, show unexplainable problems and generally

@@ -158,7 +159,7 @@ In order to be able to use the SCSI transport subsystem of the OS, run at highes

 priority and lock itself into core

 .B

 wodim

-either needs to be run as root, needs to be installed suid root or

+either needs to be run as root, needs to be installed SUID root (risky) or

 must be called via

 .B RBACs

 pfexec mechanism.

@@ -2115,7 +2116,7 @@ to create a disk that is entirely made of dummy data.

 .PP

 There are also cases where you either need to be root or install

 .B wodim 

-executable with suid-root permissions. First, if you are using a device

+executable with SUID root permissions (risky). First, if you are using a device

 manufactured before 1999 which requires a non-MMC driver, you should run

 .B wodim

 in dummy mode before writing data. If you find a problem doing this, please

@@ -2132,7 +2133,8 @@ dummy mode and report trouble to the contact address below.

 If you still want to run

 .B wodim

 with root permissions, you can set the permissions of the executable to

-suid-root. See the additional notes of your system/program distribution or

+SUID root (risky).

+See the additional notes of your system/program distribution or

 README.suidroot which is part of the cdrkit source.

 .PP

 You should not connect old drives that do not support