Re: Linux GNOME exploit - PATCH!

From: Owen Taylor <otaylor redhat com>
To: Yo Ric Dude <ricdude toad net>
Cc: andersen xmission com, Elliot Lee <sopwith redhat com>, John Kodis <kodis jagunet com>, gnome-devel-list gnome org
Subject: Re: Linux GNOME exploit - PATCH!
Date: 29 Sep 1999 01:28:55 -0400

Yo Ric Dude <ricdude@toad.net> writes:

> Hey folks, please review patch below for the esdlib 
> exploit.  x11amp is a popular program to install
> as setuid root for real-time priority, and other
> esdified audio apps may seek the same performance 
> increase.  It's fixed easily enough.  Is this 
> sufficient?

Hmmm, x11amp uses GTK+... I hope it irrevocably drops all root
permissions before it gets to the GTK+ code if somebody is running it
suid root.

(Otherwise, there is a security hole 18 miles wide and 23 miles long
which we've basically chosen to leave there. Better to make it clear
that GTK+ is not suitable for suid root programs than to claim that
there isn't a single exploitable line in the 184,000 lines of GTK+.

Hint: you don't need a buffer overflow when you can load up arbitrary
shared libraries and get the code executed.)

That doesn't mean that buffer overflows in esd shouldn't get
fixed. But the way to avoid problems is to keep as little code as
possible in the firing line.

Regards,
                                        Owen

References:
- Linux GNOME exploit
  - From: John Kodis
- Re: Linux GNOME exploit
  - From: Elliot Lee
- Re: Linux GNOME exploit
  - From: Erik Andersen
- Re: Linux GNOME exploit - PATCH!
  - From: Yo Ric Dude

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]