xf86-video-intel-backlight-helper is setuid root
Based on CVE-2014-4910, this utility is probably not safe to run setuid root; it does not seem to have been written with security in mind. If it’s needed, a setuid wrapper program should be provided which permits execution only with a fixed set of whitelisted command lines and environment variables, and the actual binary should be non-setuid.
(from redmine: issue id 3312, created on 2014-08-27, closed on 2015-12-09)
- Revision 1c6ba8ca by Natanael Copa on 2014-09-09T12:05:54Z:
main/xf86-video-ati: upgrade to 7.4.0 fixes #3312