Bugtraq mailing list archives
Re: Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
From: bright () WINTELCOM NET (Alfred Perlstein)
Date: Sat, 10 Jun 2000 13:40:17 -0700
* sector x <sectorx () DIGITALPHOBIA COM> [000610 13:10] wrote:
> Here is a freebsd port of noir's cdrecord buffer overflow. have you noticed
> cdrecord is very often suid root on many systems? :)
>
> --sectorx
>
> -- snip snip --
> /* freebsd cdrecord exploit port by sectorx of XOR

[*yawn* *snip*]

But it's _not_ suid on FreeBSD:

~ % ls -l /usr/local/bin/cdrecord
-r-xr-xr-x 1 root wheel 161244 May 20 04:31 /usr/local/bin/cdrecord

Cute but useless.

Any program that encourages users to suid it root and allows arbitrary
devices to be accessed over the scsi bus needs to be taken out back and
shot, twice. Any vendor that ships it that way, three times.

The exploit presented here is akin to writing a sploit for /bin/sh that
only works if it's suid.

--
-Alfred Perlstein - [bright () wintelcom net|alfred () freebsd org]
"I have the heart of a child; I keep it in a jar on my desk."