Opened 9 years ago

Closed 9 years ago

#63 closed defect (fixed)

rpld allows to be run as suerpuser, allows users on system to read and write files with superuser privileges

Reported by: ph3-der-loewe Owned by:
Priority: critical Milestone:
Component: RoarAudio PlayList Daemon Version: 0.1rc2
Keywords: security Cc: pmatthaei@…
Architecture: Compiler:
Difficulty: Kernel:
Operating System: Parent Tickets:
Patch attached: no Protocol:
Sound driver: Topic: Bug Fix

Description

rpld allows users to run it as superuser. If non-root users have accesslevel >= ACCLEV_USER they can use IMPORT and EXPORT command to overwrite every file on host system with superuser privileges.

There musst be a check to avoid this:

  • By checking and setting diffrent options for access levels
  • or (preferred) by disallowing to run as root without special force options.

Subtickets

Change History (1)

comment:1 Changed 9 years ago by ph3-der-loewe

  • Resolution set to fixed
  • Status changed from new to closed
  • Version changed from current to 0.1rc2
Note: See TracTickets for help on using tickets.