wrong permissions of /usr/bin/cdrecord

To: debian-security@lists.debian.org
Cc: 164283-quiet@bugs.debian.org, 164283-submitter@bugs.debian.org
Subject: wrong permissions of /usr/bin/cdrecord
From: Torsten Werner <twerner@debian.org>
Date: Thu, 14 Nov 2002 09:49:01 +0100
Message-id: <[🔎] 20021114084901.GA30326@vwisb9>

Hello,

I became aware of bug #164283 that seems to me security related and --
even worse -- affects woody. I have not been able to exploit it easily
(by burning /etc/shadow to a CD or something like that) but it really
should be fixed IMHO. The attached patch should fix woody's package.

Torsten

-- 
Torsten Werner                         Dresden University of Technology
mailto:email@twerner42.de                telephone: +49 (351) 463 36711
http://www.twerner42.de/                   telefax: +49 (351) 463 36809

diff -ru cdrtools-1.10/debian/cdrecord.postinst cdrtool-fix/debian/cdrecord.postinst
--- cdrtools-1.10/debian/cdrecord.postinst	Thu Nov 14 09:42:03 2002
+++ cdrtool-fix/debian/cdrecord.postinst	Thu Nov 14 09:43:52 2002
@@ -12,9 +12,9 @@
     RET=false
     db_get cdrecord/SUID_bit
     if [ "$RET" = "true" ]; then
-	cdrecord_mod=4755
+	cdrecord_mod=4750
 	chown root.cdrom /usr/bin/cdrecord
-	chmod 4755 /usr/bin/cdrecord
+	chmod 4750 /usr/bin/cdrecord
     else
 	chown root.root /usr/bin/cdrecord
 	chmod 0755 /usr/bin/cdrecord

Reply to:

Prev by Date: Re: Bind issues
Next by Date: Re: unsubscribe
Previous by thread: Snort alert log
Next by thread: recommendable security lists?
Index(es):
- Date
- Thread