| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Sep 2004 13:15:45 +0200
From: Marcus Meissner <meissner@...e.de>
To: Fix Address <hidden@...adise.net.nz>
Cc: Sean Davis <dive@...ersgame.net>,
newbug Tseng <newbug@...oot.org>, bugtraq@...urityfocus.com
Subject: Re: cdrecord local root exploit
On Tue, Sep 14, 2004 at 01:51:51PM +1200, Volker Kuhlmann wrote:
> > > echo "cdr-exp.sh -- CDRecord local exploit ( Tested on cdrecord-2.01-0.a27.2mdk + Mandrake10)"
>
> > I don't see how this is a bug in cdrecord. It's a bug in Mandrake, caused by
> > shipping cdrecord setuid root. You could do the same thing with CVS (set
> > CVS_RSH to /tmp/s) if your distribution was dumb enough to ship cvs setuid
> > root, I would think, yet that wouldn't be a bug in CVS.
>
> The author of cdrecord obstinately argues that cdrecord must be
> installed suid root, and is explicitly recommended. Especially SuSE,
> who does not install cdrecord suid root, has taken a lot of flak over
> this lately (investigate special SuSE copyright in versions 2.01a36 to
> 40 or so). It also seems that kernel 2.6.8 has changes included which
> make it impossible(?) not to run cdrecord suid root. Seems like a
> downhill to me but I'm not really qualified to comment.
This has been fixed later on at least.
> In any case it would be inappropriate to call it a bug "in cdrecord"
> when only testing the Mdk version, esp given the amount of patching
> applied by Mdk. First test a vanilla cdrecord, then other distros.
SUSE is btw not affected, since we have (as previously discussed), patched
cdrecord. ;)
Ciao, Marcus
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists