[15135] in bugtraq
Re: Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
daemon@ATHENA.MIT.EDU (Jeff Garzik)
Thu Jun 1 01:13:15 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3935CFB2.557778CD@mandrakesoft.com>
Date: Wed, 31 May 2000 22:51:30 -0400
Reply-To: Jeff Garzik <jgarzik@MANDRAKESOFT.COM>
From: Jeff Garzik <jgarzik@MANDRAKESOFT.COM>
X-To: Dan Kaminsky <dankamin@CISCO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Dan Kaminsky wrote:
>
> > U may say gid=80 (cdwriter) is useless but anyways here is the xploit
>
> If you've got cdwriter access, and they have a SCSI hard drive, then you
> should theoretically have read/write access to their raw partitions. I'm
> sure I don't need to go into depth on what that should mean.
The person who originally reported this is only using "medium" security
level. I asked him in private to raise the security level to 4 or 5 and
report again, but never heard back.
Under Linux-Mandrake, security level 4/5 involves a filesystem scan and
possibly chmod, independent of individual programs in most cases.
Jeff
--
Jeff Garzik | Liberty is always dangerous, but
Building 1024 | it is the safest thing we have.
MandrakeSoft, Inc. | -- Harry Emerson Fosdick
