COMMAND

    xcd

SYSTEMS AFFECTED

    Digital Unix 4.0

PROBLEM

    Alexis Polozov found  following.  xcd  (CD_Player for CDE  users),
    used for playing of audio CDs  "has a side effect of making  xcd's
    eject button always work, even  when the hardware eject switch  is
    locked."  Alexis added:

        - Even when a cdfs filesystem is mounted,
        - Even when a file reading is in progress (cp, ls, find etc.),
        - Until the system is up.

    The author of  the program considerated  this as a  feature.  (See
    the  source   code  is   available  into    /usr/example/motif/xcd
    directory.)   By default,  you do  NOT need  to be  root for using
    this command.

    Exploit: eject  a mounted  CD-ROM with  xcd, insert  another CDROM
    and ls -R into CDROM directory.  The system will crash.

SOLUTION

    DEC  is  informed  about  this  problem.   Workaround:  "chmod" or
    "setld -d".