SUID to cdrecord and cdrdao

Josh Bressers josh at
Tue May 22 11:15:39 UTC 2007

> Hi all,
> I did some quick thinking about SUID bits on /usr/bin/cdrecord (wodim) and 
> /usr/bin/cdrdao . I'm using k3b for burning and it always writes warnings 
> like cdrecord will be run with root privileges. What do you think about 
> it? Could it cause some security issues or something bad?

Yes, all SUID binaries carry a certain amount of security risk with them.
The issue is that if a vulnerability is found that lets an attacker execute
the code of their choosing, that code will run as root.

I know cdrecord, and many other SUID applications, try to drop root
privileges as soon as possible. This can help mitigate the potential
for exploitation, but the threat is still there.
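
The privilege drop described in the reply above, sketched as an added example that is not part of the original message and is not cdrecord's own code. The function name `drop_suid_root` is hypothetical, and the sketch assumes a binary installed SUID root (effective UID 0, real UID of the invoking user).

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently give up SUID-root privileges.
 * Returns 0 on success, -1 if any step fails or the drop is reversible. */
int drop_suid_root(void)
{
    uid_t ruid = getuid();   /* the user who ran the program */
    gid_t rgid = getgid();

    /* Group first: once the UID is dropped, the right to change GIDs is gone. */
    if (setgid(rgid) != 0)
        return -1;

    /* With effective UID 0, setuid() sets the real, effective and saved UID,
     * so there is no saved root UID left to switch back to. */
    if (setuid(ruid) != 0)
        return -1;

    /* Never trust the return value alone: check the resulting IDs. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* If root can be regained, the drop was only temporary. */
    if (ruid != 0 && (seteuid(0) == 0 || setuid(0) == 0))
        return -1;

    return 0;
}

int main(void)
{
    /* Work that really needs root would go here, kept as short as possible. */

    if (drop_suid_root() != 0) {
        fprintf(stderr, "could not drop privileges, aborting\n");
        return 1;
    }

    /* Everything after this point, including all parsing of user-supplied
     * input, runs with the invoking user's own IDs. */
    printf("running as uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

Code that runs before the drop is still exposed as root, which is the remaining threat the reply refers to.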


More information about the fedora-devel-list mailing list