David L Norris wrote: > On Fri, 2004-09-10 at 10:38 +0100, Paul Howarth wrote: >> > There was an announcement yesterday about updating cdrecord if it has >> > been manually suid'd. The link didn't give me any further information >> > but does that mean if it's not been suid'd then do not update it. > > If it is on your system then it would be wise to update. > >> This is a wild guess having not looked at the code, but I suspect that >> the updated cdrecord will refuse to run if it has been installed setuid >> root because, as the update announcement noted, that would be a very >> stupid thing to do. > > There's a CVE number attached to the announcement. That means there is > some sort of security problem. (And the announcement subject states > SECURITY.) Anyone who sets the vulnerable version of cdrecord suid root > could allow a malicious user to gain root privileges. > > Many programs that have security flaws and are suid root can be used to > compromise the security of the entire system. Thinking toward future > security flaws one can conclude that it is unwise to allow everyone run > anything with unrestricted root privileges. The only programs which > deserve to be suid root are simple programs (such as console-helper) > which hopefully have had thorough security reviews. > > Also, ponder this: cdrecord will allow the user to write data to files, > disks, etc. If cdrecord is suid root then any malicious (or stupid) > user could easily destroy system files or entire storage devices. Any > program that has the ability to write to files should never be suid > root. > And given that recent linux kernels disallow cd writing except as root, what do you propose?
