l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
April 21: Google Glass
Next Installfest:
TBD
Latest News:
Mar. 18: Google Glass at LUGOD's April meeting
Page last updated:
2003 May 14 17:27

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] [Fwd: Cdrecord local root exploit.]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] [Fwd: Cdrecord local root exploit.]



On Wed, May 14, 2003 at 01:18:29PM -0700, ME wrote:
> ---------------------------- Original Message ----------------------------
> Subject: Cdrecord local root exploit.
> From:    yjm01 <yjm01@terra.com.br>
> Date:    Tue, May 13, 2003 13:52
> To:      bugtraq <bugtraq@securityfocus.com>
> --------------------------------------------------------------------------
> 
> Priv8security.com
> 
> Hi, here it is local root exploit cdrecord format string bug
>  Cdrecord come suid root by default on mandrake distro and it can be
> executed by anybody.

Setuid cdrecord might make sense on systems *exclusively* for desktop
use; but why any distro would install it suid root by default is
beyond me. If I were running a server, I certainly want any idiot to
be able to screw with my CDRW drive...

The exploit itself doesn't disturb me so much: the only people who
should be able to use cdrecord at all should be folks with console
access anyway.

-Micah
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!