[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FC6 and cdburning



Leszek Matok <Lam Lam pl> writes:

> People have suid
> cdrecords on machines with shell accounts and to this point there was no
> exploit using SCSI commands to gain privileges (the only one I know of
> was using user-provided $RSH as root).

Suid cdrecord with root-only drive access may be potentially safe,
because users aren't allowed to issue arbitrary commands to the drive.
-- 
Krzysztof Halasa


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]