Opened 12 years ago
Closed 12 years ago
#63 closed defect (fixed)
rpld allows being run as superuser, allows users on the system to read and write files with superuser privileges
| Reported by: | ph3-der-loewe | Owned by: | |
|---|---|---|---|
| Priority: | critical | Milestone: | |
| Component: | RoarAudio PlayList Daemon | Version: | 0.1rc2 |
| Keywords: | security | Cc: | pmatthaei@… |
| Architecture: | | Compiler: | |
| Difficulty: | | Kernel: | |
| Operating System: | | Parent Tickets: | |
| Patch attached: | no | Protocol: | |
| Sound driver: | | Topic: | Bug Fix |
Description
rpld allows users to run it as superuser. If non-root users have an access level >= ACCLEV_USER, they can use the IMPORT and EXPORT commands to overwrite every file on the host system with superuser privileges.
There must be a check to avoid this:
- By checking and setting different options for access levels
- or (preferred) by disallowing to run as root without special force options.
Change History (1)
comment:1 Changed 12 years ago by ph3-der-loewe
- Resolution set to fixed
- Status changed from new to closed
- Version changed from current to 0.1rc2
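
The two mitigations the ticket proposes, as an added C example (not rpld's own code). The `--force-root` option, the function names and every access level other than `ACCLEV_USER` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical access levels; only the name ACCLEV_USER comes from the ticket. */
enum acclev { ACCLEV_NONE, ACCLEV_GUEST, ACCLEV_USER, ACCLEV_ALL };

/* Hypothetical override flag standing in for the "special force option". */
#define FORCE_ROOT_OPT "--force-root"

/* Preferred fix: refuse to start with superuser privileges unless forced.
 * Both real and effective uid are checked so a setuid-root binary is caught. */
int startup_allowed(uid_t ruid, uid_t euid, int argc, char **argv)
{
    if (ruid != 0 && euid != 0)
        return 1;                       /* unprivileged: always fine */
    for (int i = 1; i < argc; i++)
        if (strcmp(argv[i], FORCE_ROOT_OPT) == 0)
            return 1;                   /* operator explicitly accepted the risk */
    return 0;
}

/* Alternative fix: IMPORT and EXPORT touch files with the daemon's
 * privileges, so when the daemon is root they need more than ACCLEV_USER. */
int file_command_allowed(const char *cmd, enum acclev level, int daemon_is_root)
{
    if (strcmp(cmd, "IMPORT") != 0 && strcmp(cmd, "EXPORT") != 0)
        return -1;                      /* not a file command: not decided here */
    return level >= (daemon_is_root ? ACCLEV_ALL : ACCLEV_USER);
}

int main(int argc, char **argv)
{
    if (!startup_allowed(getuid(), geteuid(), argc, argv)) {
        fprintf(stderr, "refusing to run as root; pass %s to override\n",
                FORCE_ROOT_OPT);
        return 1;
    }
    int root = (geteuid() == 0);
    printf("EXPORT at ACCLEV_USER allowed: %d\n",
           file_command_allowed("EXPORT", ACCLEV_USER, root));
    return 0;
}
```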