Bugtraq mailing list archives

Re: Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)

From: noir () GSU LINUX ORG TR (noir)
Date: Tue, 30 May 2000 12:08:39 +0300

The person who originally reported this is only using "medium" security
level.  I asked him in private to raise the security level to 4 or 5 and
report again, but never heard back.

Under Linux-Mandrake, security level 4/5 involves a filesystem scan and
possibly chmod, independent of individual programs in most cases.

        Jeff

--
Jeff Garzik              | Liberty is always dangerous, but
Building 1024            | it is the safest thing we have.
MandrakeSoft, Inc.       |      -- Harry Emerson Fosdick


I did tested the exploit code on seclev. 3/4/5, it works just FINE ! gid=80 : )

Current thread:

Re: Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2) Jeff Garzik (May 31)
- Re: Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2) noir (May 30)
- <Possible follow-ups>
- Re: Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2) sector x (Jun 10)
  - Re: Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2) Alfred Perlstein (Jun 10)