[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SUID to cdrecord and cdrdao



> Hi all,
> 
> I did some quick think about SUID bits to /usr/bin/cdrecord (wodim) and 
> /usr/bin/cdrdao . I'm using k3b for burning and it always write warnings 
> like cdrecord will be run with root privileges. What do you think about 
> it? Could it cause some security issues or something bad?
> 

Yes, all SUID binaries carry a certain amount of security risk with them.
The issue is that if a vulnerability is found that lets an attacker execute
the code of their choosing, that code will run as root.

I know cdrecord, and many other SUID applications, try to drop root
privileges as soon as possible. This can help mitigate the potential
for exploitation, but the threat is still there.

-- 
    JB


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]