FC6 and cdburning

[Krzysztof Halasa]

Leszek Matok <Lam at Lam.pl> writes:

> People have suid
> cdrecords on machines with shell accounts and to this point there was no
> exploit using SCSI commands to gain privileges (the only one I know of
> was using user-provided $RSH as root).

Suid cdrecord with root-only drive access may be potentially safe,
because users aren't allowed to issue arbitrary commands to the drive.
-- 
Krzysztof Halasa