Security audit result: gnome-pty-helper
- From: Chris Evans <chris ferret lmh ox ac uk>
- To: Miguel de Icaza <miguel nuclecu unam mx>
- cc: gnome-list gnome org, security-audit ferret lmh ox ac uk
- Subject: Security audit result: gnome-pty-helper
- Date: Mon, 22 Feb 1999 21:48:52 +0000 (GMT)
I had a look at gnome-pty-helper. Here are the issues I found. They are
probably minor. The first one is a bit of a howler though! Note that this
isn't a thorough audit, just a quick glance. More pairs of eyes are
I haven't made a patch; the suggested changes are trivial. Tell me what
you think and if these changes will be applied. I think I can justify them
One more thing, a packaging issue. "gnome-pty-helper" is sgid root as well
as suid-root. I would suggest only the latter is neccessary.
1) When checking for STDOUT being open, we check fcntl(0,...) not
2) open_ptys - return value for alloca() not checked for NULL (oh -
openpty() seems to check this but still..)
3) openpty() [in gnome-login-support] - if group ownership can't be
changed to group "tty" then we shouldn't make the pty group writeable. 2
occurences. I can envisage a condition where this causes a problem.
4) pty_add() - check for pi == NULL should come _before_ memset()!
5) pty_add() - does not check return code of strdup() for NULL?
6) update_dbs() - malloc return not checked for NULL
7) update_dbs() - after strncpy() of user supplied display_name we don't
NULL-terminate the ut_host field!
] [Thread Prev