FC6 and cdburning
Krzysztof Halasa
khc at pm.waw.pl
Sat Jul 29 20:21:51 UTC 2006
Leszek Matok <Lam at Lam.pl> writes:
> People have suid
> cdrecords on machines with shell accounts and to this point there was no
> exploit using SCSI commands to gain privileges (the only one I know of
> was using user-provided $RSH as root).
Suid cdrecord with root-only drive access may be potentially safe,
because users aren't allowed to issue arbitrary commands to the drive.
--
Krzysztof Halasa
More information about the fedora-devel-list
mailing list