Re: Linux GNOME exploit

On Mon Sep 27, 1999 at 08:44:42PM -0400, Elliot Lee wrote:
> On Mon, 27 Sep 1999, John Kodis wrote:
> > I received the following report of an exploitable buffer overflow in
> > one of the Gnome libraries in this morning's Bugtraq feed.  I thought
> > that I'd pass it along, as this should clearly get resolved before the
> > upcoming stable Gnome release.
> If the problem exists at all, it's a Mandrake-specific packaging error,
> not anything to do with GNOME. nethack is not part of Red Hat Linux, does
> not use GNOME or esound, and is not installed s[ug]id root in the
> powertools package.

Gnomehack does use gnomelibs. Never tried Gnomehack, Elliot? Shame on
you.:) Anyway, it should be setgid games (to give it permission to
write high scores in /var/lib/games/gnomehack per the ancient nethack
way of doing things). If it is setgid root, that is somebody elses
fault, not mine. The way I put gnomehack together, the worst that could
happen on a buffer overflow would be that somebody gets to fake a high


Erik B. Andersen   Web: 
--This message was written using 73% post-consumer electrons--

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]