serious security hole in KDE Beta 3 (fwd)
I know some of you use KDE...
Koree
Koree A. Smith
--
Development Programmer, CMAC, Inc.
koree@accessus.net
http://www.ameth.org/~koree
---------- Forwarded message ----------
Date: Fri, 6 Feb 1998 20:06:52 -0800
From: Tudor Bosman <tudorb@CCO.CALTECH.EDU>
To: BUGTRAQ@NETSPACE.ORG
Subject: serious security hole in KDE Beta 3
Hello !
When using shadow passwords, the K Desktop Environment
(http://www.kde.org) screen savers require to be setuid root (in order
to access /etc/shadow). However, they never drop root privileges...
When starting, they create the file .kss.pid in the home directory as
root, following symbolic links. And ln -s /etc/shadow ~/.kss.pid
will cause /etc/shadow to be overwritten.
A short patch:
diff -c kscreensaver.orig/main.cpp kscreensaver/main.cpp
*** kscreensaver.orig/main.cpp Fri Feb 6 19:23:07 1998
--- kscreensaver/main.cpp Fri Feb 6 19:30:13 1998
***************
*** 289,294 ****
--- 289,298 ----
initPasswd();
+ // this makes use of the POSIX saved UIDs feature, available
+ // in current Linux versions -- tudorb@caltech.edu
+ setuid (getuid ());
+
if ( mode == MODE_INSTALL )
{
if (!canGetPasswd) {
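Review bot: the added setuid (getuid ()) call ignores its return value, so if the call fails the screen saver carries on as root. Check the result and exit on failure. The comment cites saved UIDs, but with an effective uid of root, setuid() sets the real, effective and saved uids together, so this is a permanent drop and the comment should say so. Only the uid is changed here: if the binary can also be installed setgid, a setgid (getgid ()) belongs before this line. The call is placed after initPasswd(), so it is worth confirming that .kss.pid is created only after this point in every mode.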
--
Tudor Bosman
E-mail: tudorb@its.caltech.edu Phone: (626) 683-3813
Address: Caltech MSC #345, Pasadena, CA 91126-0345, USA
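The two defences this report points to, a checked permanent privilege drop and a pid-file write that refuses symbolic links, shown as an added example that is not part of the original post or of the KDE sources. The function names drop_privileges and write_pidfile are hypothetical, and O_NOFOLLOW assumes Linux or another POSIX.1-2008 system.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up setuid/setgid privileges (hypothetical helper).
 * Returns 0 on success, -1 if the drop failed or could be undone. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped, setgid() is no longer permitted. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the drop: an unprivileged user must not be able to get root back. */
    if (ruid != 0 && (setuid(0) == 0 || geteuid() == 0))
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Write our pid to `path` without following a symlink at the final
 * component (hypothetical helper). Returns 0 on success, -1 on failure;
 * on Linux errno is ELOOP when `path` is a symbolic link. */
int write_pidfile(const char *path)
{
    struct stat st;
    char buf[32];
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);

    if (fd < 0)
        return -1;
    /* Refuse anything that is not a plain, singly linked file owned by us. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    int ok = ftruncate(fd, 0) == 0 && write(fd, buf, (size_t)n) == n;
    return (close(fd) == 0 && ok) ? 0 : -1;
}
```

Calling drop_privileges() before write_pidfile() means the file is opened with the user's own rights, so even a missed symlink check cannot reach a root-only file.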