The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[email protected] with unsubscribe


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
X-RDate: Thu, 19 Feb 1998 10:54:30 +0500 (ESK)
Date: Fri, 6 Feb 1998 20:06:52 -0800
From: Tudor Bosman <[email protected]>
To: [email protected]
Subject: BoS:      serious security hole in KDE Beta 3


Hello !

When using shadow passwords, the K Desktop Environment
(http://www.kde.org) screen savers require to be setuid root (in order
to access /etc/shadow).  However, they never drop root privileges...

When starting, they create the file .kss.pid in the home directory as
root, following symbolic links.  And ln -s /etc/shadow ~/.kss.pid
will cause /etc/shadow to be overwritten.

A short patch:

diff -c kscreensaver.orig/main.cpp kscreensaver/main.cpp
*** kscreensaver.orig/main.cpp  Fri Feb  6 19:23:07 1998
--- kscreensaver/main.cpp       Fri Feb  6 19:30:13 1998
***************
*** 289,294 ****
--- 289,298 ----

        initPasswd();

+       // this makes use of the POSIX saved UIDs feature, available
+       // in current Linux versions -- [email protected]
+       setuid (getuid ());
+
        if ( mode == MODE_INSTALL )
        {
         if (!canGetPasswd) {

--
Tudor Bosman
E-mail:  [email protected]   Phone: (626) 683-3813
Address: Caltech MSC #345, Pasadena, CA 91126-0345, USA

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру