Okay, maybe it was just me, but around the end of FC4 or maybe the beginning of FC5 cdrecord was shipping with the SUID bit set. I had to unset that bit to get cdrecord to work.

On Tue, 2007-05-22 at 13:36 +0200, Adam Tkac wrote:
> Josh Bressers wrote:
> >> Hi all,
> >>
> >> I did some quick thinking about the SUID bits on /usr/bin/cdrecord (wodim) and
> >> /usr/bin/cdrdao. I'm using k3b for burning and it always writes warnings
> >> like cdrecord will be run with root privileges. What do you think about
> >> it? Could it cause some security issues or something bad?
> >>
> >
> > Yes, all SUID binaries carry a certain amount of security risk with them.
> > The issue is that if a vulnerability is found that lets an attacker execute
> > the code of their choosing, that code will run as root.
> >
> > I know cdrecord, and many other SUID applications, try to drop root
> > privileges as soon as possible. This can help mitigate the potential
> > for exploitation, but the threat is still there.
> >
> Yeah, but SUID could increase burning stability. We must compare
> security aspects and burning aspects and leave it like nowadays or set SUID.
>
> -A-
>

--
Adam Hough <adam@xxxxxxxxxxxxxxxx>

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list