SUID to cdrecord and cdrdao
Josh Bressers
josh at bress.net
Tue May 22 11:15:39 UTC 2007
> Hi all,
>
> I did some quick thinking about SUID bits on /usr/bin/cdrecord (wodim) and
> /usr/bin/cdrdao. I'm using k3b for burning and it always writes warnings
> like "cdrecord will be run with root privileges". What do you think about
> it? Could it cause some security issues or something bad?
>
Yes, all SUID binaries carry a certain amount of security risk with them.
The issue is that if a vulnerability is found that lets an attacker execute
the code of their choosing, that code will run as root.
I know cdrecord, and many other SUID applications, try to drop root
privileges as soon as possible. This can help mitigate the potential
for exploitation, but the threat is still there.
--
JB
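Added example, not code from the thread or from cdrecord itself, illustrating the mitigation Josh describes and a check an administrator can run: a C routine that drops root the way a SUID helper should (supplementary groups, then gid, then uid, then verify the drop cannot be reversed) and a stat-based check for the set-user-ID bit. The /usr/bin/cdrecord path comes from the thread; the function names and flow are assumptions.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if path carries the set-user-ID bit, 0 if not, -1 if stat fails. */
int has_setuid_bit(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & S_ISUID) ? 1 : 0;
}

/* Permanently drop root to uid/gid. Order matters: supplementary groups and
 * the gid must be changed first, because once setuid() has switched to a
 * non-root uid the process can no longer change them. Returns 0 on success. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0)  /* only root may call setgroups */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining root must now fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void) {
    const char *tool = "/usr/bin/cdrecord";  /* path mentioned in the thread */
    int s = has_setuid_bit(tool);
    if (s < 0)
        printf("%s: not found\n", tool);
    else
        printf("%s: setuid bit %s\n", tool, s ? "set" : "not set");
    /* A SUID helper would do its privileged work (e.g. open the burner device)
     * here, then drop to the real invoking user before touching untrusted input. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("now running as uid %u\n", (unsigned)geteuid());
    return 0;
}
```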
More information about the fedora-devel-list mailing list