On Thu, May 19, 2005 at 09:40:49AM +0200, Kaare Hviid wrote:
> From the new upstream 1.2.0 ChangeLog:
> 
>  o  SECURITY FIX: cdrdao now gives up its root privileges after setting
>     up real-time scheduling, as well as before saving settings through
>     the --save option. This fixes a potential local root exploit when
>     cdrdao is installed with the +s chmod flag. Using --save now also
>     forces an early exit after the settings are saved.
> 
> Although cdrdao isn't installed setuid root on Debian, no doubt some
> people find that an easy option, which is why it would be very nice if
> this release made its way into Debian.

It hardly matters; once sarge is released I'll be uploading a version
of cdrdao that refuses to be setuid.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |
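
The two mitigations mentioned in this thread (giving up root right after real-time scheduling is set up, and refusing to run setuid at all), sketched as an added example; this is not cdrdao's or Debian's code, and the function names and the REFUSE_SETID build switch are hypothetical.

```c
#include <sched.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the binary was started setuid/setgid (effective ids differ from real). */
int running_setid(void) {
    return geteuid() != getuid() || getegid() != getgid();
}

/* The only step that needs root; failing is not fatal. */
int try_realtime(void) {
    struct sched_param sp;
    sp.sched_priority = sched_get_priority_min(SCHED_FIFO);
    return sched_setscheduler(0, SCHED_FIFO, &sp);
}

/* Permanently return to the invoking user. 0 on success, -1 on failure. */
int drop_privileges(void) {
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    /* Group first: once the uid is dropped we may no longer change the gid.
       With euid 0, setgid()/setuid() also reset the saved ids. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify instead of trusting the return codes: root must be unreachable. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void) {
#ifdef REFUSE_SETID  /* hypothetical build switch: refuse instead of dropping */
    if (running_setid()) {
        fputs("refusing to run setuid/setgid\n", stderr);
        return 1;
    }
#endif
    if (try_realtime() != 0)
        perror("real-time scheduling not available");
    if (drop_privileges() != 0) {
        fputs("could not drop privileges, aborting\n", stderr);
        return 1;
    }
    /* Only now handle options, open files and save settings. */
    printf("uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```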
