[MPlayer-users] RTC Permission

Gábor Lénárt lgb at lgb.hu
Fri Jul 19 08:22:02 CEST 2002

On Fri, Jul 19, 2002 at 02:38:11AM +0200, Haas Wernfried wrote:
> you forgot about this part which is also featured in the FAQ:
> -- snip --
>       !!!! BUT STAY TUNED !!!!
>       This is a *BIG* security risk! *NEVER* do this on a server or on a
>       computer that you do not control
>       completely because other users can gain root privileges through SUID
>       root MPlayer!!!
>       !!!! SO YOU HAVE BEEN WARNED ... !!!!
> -- snip --
> of course risk is quite low, but i think posting "chmod +s something"

No, it's not low and yes, you're right. MPlayer is not created to check
various permissions with differnt uids (euid/uid/etc) so IMHO it would be
some minutes for any more-than-beginner-programmer to gain root privileges
mostly if he has got the source too. BTW, as far as I remember, that note
in FAQ was written by me.

- Gábor (larta'H)

More information about the MPlayer-users mailing list