SUID to cdrecord and cdrdao

Adam Hough adam at
Tue May 22 12:17:46 UTC 2007

Okay maybe it was just me but around the end of FC4 or maybe the
beginning of FC5 cdrecord was shipping with the SUID bit set.  I had to
unset that bit to get cdrecord to work.

On Tue, 2007-05-22 at 13:36 +0200, Adam Tkac wrote:
> Josh Bressers napsal(a):
> >> Hi all,
> >>
> >> I did some quick think about SUID bits to /usr/bin/cdrecord (wodim) and 
> >> /usr/bin/cdrdao . I'm using k3b for burning and it always write warnings 
> >> like cdrecord will be run with root privileges. What do you think about 
> >> it? Could it cause some security issues or something bad?
> >>
> >>     
> >
> > Yes, all SUID binaries carry a certain amount of security risk with them.
> > The issue is that if a vulnerability is found that lets an attacker execute
> > the code of their choosing, that code will run as root.
> >
> > I know cdrecord, and many other SUID applications, try to drop root
> > privileges as soon as possible. This can help mitigate the potential
> > for exploitation, but the threat is still there.
> >   
> Yeah, but SUID could increase burning stability. We must compare compare 
> security aspects and burning aspects and leave it like nowadays or set SUID.
> -A-
Adam Hough <adam at>

More information about the fedora-devel-list mailing list