[MPlayer-users] RTC Permission
Gábor Lénárt
lgb at lgb.hu
Fri Jul 19 08:22:02 CEST 2002
On Fri, Jul 19, 2002 at 02:38:11AM +0200, Haas Wernfried wrote:
> you forgot about this part which is also featured in the FAQ:
> -- snip --
> !!!! BUT STAY TUNED !!!!
> This is a *BIG* security risk! *NEVER* do this on a server or on a
> computer that you do not control
> completely because other users can gain root privileges through SUID
> root MPlayer!!!
> !!!! SO YOU HAVE BEEN WARNED ... !!!!
> -- snip --
>
> of course risk is quite low, but i think posting "chmod +s something"
No, it's not low and yes, you're right. MPlayer is not created to check
various permissions with differnt uids (euid/uid/etc) so IMHO it would be
some minutes for any more-than-beginner-programmer to gain root privileges
mostly if he has got the source too. BTW, as far as I remember, that note
in FAQ was written by me.
- Gábor (larta'H)
More information about the MPlayer-users
mailing list