Re: SUID to cdrecord and cdrdao

> Hi all,
> 
> I did some quick thinking about SUID bits on /usr/bin/cdrecord (wodim) and
> /usr/bin/cdrdao. I'm using k3b for burning and it always writes warnings
> like cdrecord will be run with root privileges. What do you think about
> it? Could it cause some security issues or something bad?
> 

Yes, all SUID binaries carry a certain amount of security risk with them.
The issue is that if a vulnerability is found that lets an attacker execute
the code of their choosing, that code will run as root.

I know cdrecord, and many other SUID applications, try to drop root
privileges as soon as possible. This can help mitigate the potential
for exploitation, but the threat is still there.

-- 
    JB

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
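
The privilege drop mentioned in the reply above, sketched as an added example; it is not part of the original message and is not taken from cdrecord or cdrdao. The function name `drop_privileges` and the "open the device first" layout are assumptions, and the code targets Linux/glibc.

```c
/* Added example: permanent privilege drop for a SUID-root helper. */
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>

/* Permanently give up root. Returns 0 on success, -1 on any failure.
 * The caller must treat -1 as fatal and exit without doing more work. */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* the user who invoked the binary */
    gid_t rgid = getgid();

    if (ruid == 0)
        return 0;            /* invoked by root: nothing to drop */

    /* Supplementary groups of a SUID process are already the invoking
     * user's, so only the effective/saved IDs need to be reset. */

    /* Group first: after setuid() we lose the right to change it. */
    if (setgid(rgid) != 0)
        return -1;
    /* With euid 0, setuid() sets real, effective and saved UID together. */
    if (setuid(ruid) != 0)
        return -1;

    /* Verify the drop is irreversible: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    return 0;
}

int main(void)
{
    /* Hypothetical layout: do the one root-only step (for example,
     * opening the device) before this point, then drop. */
    if (drop_privileges() != 0) {
        fputs("privilege drop failed, aborting\n", stderr);
        return 1;
    }
    printf("running as uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Any code that runs before the drop, such as argument parsing or environment handling, still executes as root, which is the residual risk the reply describes.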
