[MPlayer-users] Setuid root mplayer
Lethal Weapon
lethalwp at tiscali.be
Wed Aug 28 19:20:07 CEST 2002
On Wed, 2002-08-28 at 18:14, Alejandro Néstor Vargas wrote:
> > DOCS/bugreports.html] Is someone able to explain me (or point me to
> > some useful resource on the web) why setuid root mplayer is a security
> > risk ? How can one gain root privileges through it ?
>
> A totally bug-free program never is a security risk, but it is difficult
> to assure you a program is bug-free. This is why open source programs are
> more secure: because you can check yurself. But if you don't want to check
> all the software or you are not sure if you checked all the posibilities,
> always is a good precaution not to use the root user and not to use setuid
> programs... It depends on how paranoid is one.
totally bugfree ?
does it exist really?
Once the project becomes big, it's never bugfree
Greetz,
Ltwp
More information about the MPlayer-users
mailing list