Security audit result: gnome-pty-helper


I had a look at gnome-pty-helper. Here are the issues I found. They are
probably minor. The first one is a bit of a howler though! Note that this
isn't a thorough audit, just a quick glance. More pairs of eyes are

I haven't made a patch; the suggested changes are trivial. Tell me what
you think and if these changes will be applied. I think I can justify them
all ;-)

One more thing, a packaging issue. "gnome-pty-helper" is sgid root as well
as suid-root. I would suggest only the latter is neccessary.


1) When checking for STDOUT being open, we check fcntl(0,...) not
fcntl(1,...), oops!

2) open_ptys - return value for alloca() not checked for NULL (oh -
openpty() seems to check this but still..)

3) openpty() [in gnome-login-support] - if group ownership can't be
changed to group "tty" then we shouldn't make the pty group writeable. 2
occurences. I can envisage a condition where this causes a problem.

4) pty_add() - check for pi == NULL should come _before_ memset()!

5) pty_add() - does not check return code of strdup() for NULL?

6) update_dbs() - malloc return not checked for NULL

7) update_dbs() - after strncpy() of user supplied display_name we don't
NULL-terminate the ut_host field!

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]