[MPlayer-users] Buffer Overflow in Mplayer v0.91 and prior

Erik Slagter erik at oldconomy.com
Mon Sep 1 10:35:54 CEST 2003


> The point being: MPlayer is NOT designed to be run suid-root! Making
> mplayer suid-root is the same as making /bin/sh suid-root; it will
> inherently give anyone full root access and is not intended to do
> otherwise.

For DGA(2) output you need to be root. Maybe is would be smart to have
mplayer drop all root privileges after dga init?



More information about the MPlayer-users mailing list