[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040914015151.GB6716@paradise.net.nz>
Date: Tue, 14 Sep 2004 13:51:51 +1200
From: Volker Kuhlmann <list0570@...adise.net.nz>
To: Sean Davis <dive@...ersgame.net>
Cc: newbug Tseng <newbug@...oot.org>, bugtraq@...urityfocus.com
Subject: Re: cdrecord local root exploit
> > echo "cdr-exp.sh -- CDRecord local exploit ( Tested on cdrecord-2.01-0.a27.2mdk + Mandrake10)"
> I don't see how this is a bug in cdrecord. It's a bug in Mandrake, caused by
> shipping cdrecord setuid root. You could do the same thing with CVS (set
> CVS_RSH to /tmp/s) if your distribution was dumb enough to ship cvs setuid
> root, I would think, yet that wouldn't be a bug in CVS.
The author of cdrecord obstinately argues that cdrecord must be
installed suid root, and is explicitly recommended. Especially SuSE,
who does not install cdrecord suid root, has taken a lot of flak over
this lately (investigate special SuSE copyright in versions 2.01a36 to
40 or so). It also seems that kernel 2.6.8 has changes included which
make it impossible(?) not to run cdrecord suid root. Seems like a
downhill to me but I'm not really qualified to comment.
In any case it would be inappropriate to call it a bug "in cdrecord"
when only testing the Mdk version, esp given the amount of patching
applied by Mdk. First test a vanilla cdrecord, then other distros.
Volker
--
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.
Powered by blists - more mailing lists