SUID to cdrecord and cdrdao

Adam Tkac atkac at redhat.com
Tue May 22 11:36:37 UTC 2007


Josh Bressers napsal(a):
>> Hi all,
>>
>> I did some quick thinking about the SUID bits on /usr/bin/cdrecord (wodim) and
>> /usr/bin/cdrdao. I'm using k3b for burning and it always writes warnings
>> like "cdrecord will be run with root privileges". What do you think about
>> it? Could it cause some security issues or something bad?
>>
>>     
>
> Yes, all SUID binaries carry a certain amount of security risk with them.
> The issue is that if a vulnerability is found that lets an attacker execute
> the code of their choosing, that code will run as root.
>
> I know cdrecord, and many other SUID applications, try to drop root
> privileges as soon as possible. This can help mitigate the potential
> for exploitation, but the threat is still there.
>   
Yeah, but SUID could increase burning stability. We must compare the
security aspects and the burning aspects and either leave it as it is now or set SUID.

-A-
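The mitigation Josh mentions, dropping root as early as possible, as an added C example that is not cdrecord's or wodim's code: a set-user-ID program sheds supplementary groups, then gid, then uid, and verifies afterwards that root cannot be regained.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up set-user-ID root. Returns 0 on success, -1 on failure.
 * Order matters: supplementary groups, then gid, then uid; once the uid is
 * dropped the group calls would no longer be permitted. */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* real ids: the invoking user, not root */
    gid_t rgid = getgid();

    /* Only root may call setgroups(); a non-root caller has nothing to shed. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)   /* setuid() by root sets all three uids */
        return -1;

    /* Verify the drop is permanent: if we are no longer root, regaining
     * uid 0 must fail. Skipped when the invoking user is root itself. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    return 0;
}

int main(void)
{
    printf("before: uid=%u euid=%u\n", (unsigned)getuid(), (unsigned)geteuid());
    if (drop_privileges() != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("after:  uid=%u euid=%u\n", (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

Run as an ordinary user the two lines print the same ids; installed set-user-ID root, the "before" line shows euid=0 and the "after" line shows the caller's uid.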

More information about the fedora-devel-list mailing list