SUID to cdrecord and cdrdao

Adam Hough adam at gradientzero.com
Tue May 22 12:17:46 UTC 2007


Okay, maybe it was just me, but around the end of FC4 or maybe the
beginning of FC5 cdrecord was shipping with the SUID bit set.  I had to
unset that bit to get cdrecord to work.

On Tue, 2007-05-22 at 13:36 +0200, Adam Tkac wrote:
> Josh Bressers wrote:
> >> Hi all,
> >>
> >> I did some quick thinking about SUID bits on /usr/bin/cdrecord (wodim) and
> >> /usr/bin/cdrdao. I'm using k3b for burning and it always writes warnings
> >> like cdrecord will be run with root privileges. What do you think about
> >> it? Could it cause some security issues or something bad?
> >>
> >>     
> >
> > Yes, all SUID binaries carry a certain amount of security risk with them.
> > The issue is that if a vulnerability is found that lets an attacker execute
> > the code of their choosing, that code will run as root.
> >
> > I know cdrecord, and many other SUID applications, try to drop root
> > privileges as soon as possible. This can help mitigate the potential
> > for exploitation, but the threat is still there.
> >   
> Yeah, but SUID could increase burning stability. We must compare
> security aspects and burning aspects and leave it as it is nowadays or set SUID.
> 
> -A-
> 
-- 
Adam Hough <adam at gradientzero.com>
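
Added example, not part of the original thread and not cdrecord's or cdrdao's own code: a minimal C sketch of the "drop root privileges as soon as possible" pattern mentioned in the quoted reply, for a SUID-root helper returning to the invoking user. The function name `drop_to_real_user` is hypothetical.

```c
/* Added example: permanent privilege drop for a SUID-root helper. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop from the SUID identity back to the invoking (real) user and group.
 * Returns 0 if the drop is complete and irreversible, -1 otherwise. */
int drop_to_real_user(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: once the effective UID is no longer 0, changing to an
     * arbitrary group is no longer permitted. */
    if (setgid(rgid) != 0)
        return -1;
    /* With effective UID 0, setuid() sets real, effective and saved UIDs. */
    if (setuid(ruid) != 0)
        return -1;

    /* Verify the result instead of trusting the return codes alone. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* If invoked by a normal user, regaining root must now be impossible;
     * a leftover saved UID/GID of 0 would let these calls succeed. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    if (ruid != 0 && rgid != 0 && setgid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* A real helper would first do its one privileged step (for a burner,
     * opening the device), then call this before handling user input. */
    printf("before: uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    if (drop_to_real_user() != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("after:  uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Code that runs before the drop still executes as root, which is the residual risk the quoted reply describes.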



