[MPlayer-users] Setuid root mplayer
Alejandro Néstor Vargas
anv at xnetcuyo.com.ar
Wed Aug 28 18:35:01 CEST 2002
Davide Decicco dijo:
> [Automatic answer: RTFM (read DOCS, FAQ), also read
> DOCS/bugreports.html] Is someone able to explain me (or point me to
> some useful resource on the web) why setuid root mplayer is a security
> risk ? How can one gain root privileges through it ?
A totally bug-free program never is a security risk, but it is difficult
to assure you a program is bug-free. This is why open source programs are
more secure: because you can check yurself. But if you don't want to check
all the software or you are not sure if you checked all the posibilities,
always is a good precaution not to use the root user and not to use setuid
programs... It depends on how paranoid is one.
--
Alejandro Néstor Vargas
anv at xnetcuyo.com.ar
ICQ: 20528995.
Departamento de Desarrollo
X Net Cuyo S.A.
More information about the MPlayer-users
mailing list