
Re: SUID to cdrecord and cdrdao



Okay, maybe it was just me, but around the end of FC4 or maybe the
beginning of FC5 cdrecord was shipping with the SUID bit set.  I had to
unset that bit to get cdrecord to work.

On Tue, 2007-05-22 at 13:36 +0200, Adam Tkac wrote:
> Josh Bressers wrote:
> >> Hi all,
> >>
> >> I did some quick thinking about SUID bits for /usr/bin/cdrecord (wodim) and
> >> /usr/bin/cdrdao. I'm using k3b for burning and it always writes warnings
> >> like cdrecord will be run with root privileges. What do you think about
> >> it? Could it cause some security issues or something bad?
> >>
> >>     
> >
> > Yes, all SUID binaries carry a certain amount of security risk with them.
> > The issue is that if a vulnerability is found that lets an attacker execute
> > the code of their choosing, that code will run as root.
> >
> > I know cdrecord, and many other SUID applications, try to drop root
> > privileges as soon as possible. This can help mitigate the potential
> > for exploitation, but the threat is still there.
> >   
> Yeah, but SUID could increase burning stability. We must compare
> security aspects and burning aspects and leave it as it is nowadays or set SUID.
> 
> -A-
> 
-- 
Adam Hough <adam gradientzero com>
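
The "drop root privileges as soon as possible" pattern mentioned in the quoted reply, shown as an added C example; it is not part of the original thread and is not cdrecord's code. `drop_root_permanently` is a hypothetical helper, and a set-uid-root binary on a POSIX system with saved set-user-IDs is assumed.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from cdrecord). Returns 0 once the process
 * can no longer become root, -1 on failure; on -1 the caller must exit
 * instead of carrying on. */
int drop_root_permanently(void)
{
    uid_t ruid = getuid();   /* the user who invoked the program */
    gid_t rgid = getgid();

    /* Group first: after setuid() the privilege needed to change gids
     * is gone. While euid is 0, setgid()/setuid() set the real,
     * effective and saved ids together, so the drop is permanent. */
    if (getegid() != rgid && setgid(rgid) != 0)
        return -1;
    if (geteuid() != ruid && setuid(ruid) != 0)
        return -1;

    /* Do not trust the return values alone: verify the result. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* If a saved uid of 0 survived, one of these calls would succeed. */
    if (ruid != 0 && (seteuid(0) == 0 || setuid(0) == 0))
        return -1;

    return 0;
}

int main(void)
{
    /* ... the few operations that really need root would go here ... */

    if (drop_root_permanently() != 0) {
        fprintf(stderr, "could not drop root privileges, exiting\n");
        return 1;
    }

    /* Everything from here on runs with the invoking user's ids. */
    printf("continuing as uid %ld\n", (long)getuid());
    return 0;
}
```

Any flaw in the code that runs before the drop is still exploitable as root, which is the residual risk the reply describes.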

