Re: Linux GNOME exploit
- From: Erik Andersen <andersen xmission com>
- To: Elliot Lee <sopwith redhat com>
- Cc: John Kodis <kodis jagunet com>, gnome-devel-list gnome org
- Subject: Re: Linux GNOME exploit
- Date: Mon, 27 Sep 1999 22:57:47 -0600
On Mon Sep 27, 1999 at 08:44:42PM -0400, Elliot Lee wrote:
> On Mon, 27 Sep 1999, John Kodis wrote:
>
> > I received the following report of an exploitable buffer overflow in
> > one of the Gnome libraries in this morning's Bugtraq feed. I thought
> > that I'd pass it along, as this should clearly get resolved before the
> > upcoming stable Gnome release.
>
> If the problem exists at all, it's a Mandrake-specific packaging error,
> not anything to do with GNOME. nethack is not part of Red Hat Linux, does
> not use GNOME or esound, and is not installed s[ug]id root in the
> powertools package.
>
Gnomehack does use gnomelibs. Never tried Gnomehack, Elliot? Shame on
you.:) Anyway, it should be setgid games (to give it permission to
write high scores in /var/lib/games/gnomehack per the ancient nethack
way of doing things). If it is setgid root, that is somebody elses
fault, not mine. The way I put gnomehack together, the worst that could
happen on a buffer overflow would be that somebody gets to fake a high
score.
-Erik
--
Erik B. Andersen Web: http://www.xmission.com/~andersen/
email: andersee@debian.org
--This message was written using 73% post-consumer electrons--
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]