lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1095263282.578.2.camel@schemer>
Date: Wed, 15 Sep 2004 11:48:03 -0400
From: Coleman <cokane@...ane.org>
To: Fix Address <hidden@...adise.net.nz>
Cc: Sean Davis <dive@...ersgame.net>,
	newbug Tseng <newbug@...oot.org>, bugtraq@...urityfocus.com
Subject: Re: cdrecord local root exploit


I think that the reason the author states that it must be installed
setuid root is so that it can be run by a normal user to burn cd images
(versus having to su to root). Try using sudo, or set up something to
modify the permissions on your cd device to allow it to access them.

On Mon, 2004-09-13 at 21:51, Volker Kuhlmann wrote:
> > > echo "cdr-exp.sh -- CDRecord local exploit ( Tested on cdrecord-2.01-0.a27.2mdk + Mandrake10)"
> 
> > I don't see how this is a bug in cdrecord. It's a bug in Mandrake, caused by
> > shipping cdrecord setuid root. You could do the same thing with CVS (set
> > CVS_RSH to /tmp/s) if your distribution was dumb enough to ship cvs setuid
> > root, I would think, yet that wouldn't be a bug in CVS.
> 
> The author of cdrecord obstinately argues that cdrecord must be
> installed suid root, and is explicitly recommended. Especially SuSE,
> who does not install cdrecord suid root, has taken a lot of flak over
> this lately (investigate special SuSE copyright in versions 2.01a36 to
> 40 or so). It also seems that kernel 2.6.8 has changes included which
> make it impossible(?) not to run cdrecord suid root. Seems like a
> downhill to me but I'm not really qualified to comment.
> 
> In any case it would be inappropriate to call it a bug "in cdrecord"
> when only testing the Mdk version, esp given the amount of patching
> applied by Mdk. First test a vanilla cdrecord, then other distros.
> 
> Volker



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ