No description
74bc5a7660
Patch by Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>. From [1]: From: Nicolas Boullis <Boullis.Nicolas@libertysurf.fr> To: Debian Bug Tracking System <submit@bugs.debian.org> Subject: wmtv: dangerous suid root Date: Thu, 08 Nov 2001 20:07:52 +0100 Hi ! I think there is a huge security hole with wmtv and, when wmtv is installed, anyone can easily get a root account. Here is what I have in my terminal: (everytime I launch wmtv, I double-clicked in the tv subwindow to call the external program) ---------------------------------------------------------------------- Tintin:~> wmtv -e whoami root Tintin:~> cat > crack_root.sh #!/bin/sh cp /bin/sh /tmp chmod u+s /tmp/sh Tintin:~> chmod +x crack_root.sh Tintin:~> wmtv -e ~/crack_root.sh Tintin:~> ll /tmp/sh -rwsr-xr-x 1 root users 407356 Nov 8 19:25 /tmp/sh* ---------------------------------------------------------------------- I tried to make wmtv non-suid root, and... sometimes it works (despite an error message), sometimes it does not... ---------------------------------------------------------------------- Tintin:~> ll /usr/bin/X11/wmtv -rwxr-xr-x 1 root root 62588 Jul 31 01:55 /usr/bin/X11/wmtv* Tintin:~> wmtv ioctl VIDIOCSFBUF: Operation not permitted Tintin:~> wmtv ioctl VIDIOCSFBUF: Operation not permitted wmtv: no physical frame buffer access ---------------------------------------------------------------------- Hence, I guess you should either correct wmtv so that it always work without being suid root, or make wmtv lose its privileges before it runs an external program. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=118778 |
||
|---|---|---|
| AlsaMixer.app | ||
| libdockapp | ||
| Temperature.app | ||
| wmacpi | ||
| wmacpiload | ||
| wmauda | ||
| wmbatteries | ||
| wmbattery | ||
| wmbiff | ||
| wmbutton | ||
| wmcalc | ||
| wmCalClock | ||
| wmcalendar | ||
| wmcdplay | ||
| wmckgmail | ||
| wmcliphist | ||
| wmclock | ||
| wmcpufreq | ||
| wmcpuload | ||
| wmfemon | ||
| wmfsm | ||
| wmfu | ||
| wmifinfo | ||
| wmifs | ||
| wmitime | ||
| wmix | ||
| wmkeys | ||
| wmload | ||
| wmMatrix | ||
| wmmemload | ||
| wmmenu | ||
| wmmixer | ||
| wmmixer-alsa | ||
| wmmon | ||
| wmmoonclock | ||
| wmnet | ||
| wmnotify | ||
| wmpager | ||
| wmpower | ||
| wmppp.app | ||
| wmshutdown | ||
| wmsm.app | ||
| wmsmixer | ||
| wmSMPmon | ||
| wmsun | ||
| wmsupermon | ||
| wmtime | ||
| wmtv | ||
| wmtz | ||
| wmWeather | ||
| wmwifi | ||
| wmwlmon | ||
| dockapps.db.in | ||
| update-dockapps.pl | ||