[MPlayer-users] Setuid root mplayer
DEBERT Jean-Louis
jl.debert at rsd.com
Wed Aug 28 15:17:02 CEST 2002
Davide Decicco wrote:
> Is someone able to explain me (or point me to some useful resource on the
> web) why setuid root mplayer is a security risk ? How can one gain root
> privileges through it ?
> Thanks.
Well, we are not about to say exactly _how_ you can do it, you can cook your
own system without us ...
The problem for any setuid program is that:
1. it is effectively run with all of root's permissions
2. it can be initiated (and run) by a standard user, non-root
3. it can expose bugs, not only in itself, but also in any
piece of software it calls (e.g. a shared library).
So it would be sufficient to have, say, a buffer overflow in
some libc library routine used by the program, to be able,
theoretically, to gain root status by well-known methods
(branch to a shell, etc...)
Programs not setuid but really invoked by root also have this problem,
but then you have to be root first, so there is no _added_ risk.
More information about the MPlayer-users
mailing list