Re: Linux GNOME exploit

From: Erik Andersen <andersen xmission com>
To: Elliot Lee <sopwith redhat com>
Cc: John Kodis <kodis jagunet com>, gnome-devel-list gnome org
Subject: Re: Linux GNOME exploit
Date: Mon, 27 Sep 1999 22:57:47 -0600

On Mon Sep 27, 1999 at 08:44:42PM -0400, Elliot Lee wrote:
> On Mon, 27 Sep 1999, John Kodis wrote:
> 
> > I received the following report of an exploitable buffer overflow in
> > one of the Gnome libraries in this morning's Bugtraq feed.  I thought
> > that I'd pass it along, as this should clearly get resolved before the
> > upcoming stable Gnome release.
> 
> If the problem exists at all, it's a Mandrake-specific packaging error,
> not anything to do with GNOME. nethack is not part of Red Hat Linux, does
> not use GNOME or esound, and is not installed s[ug]id root in the
> powertools package.
> 

Gnomehack does use gnomelibs. Never tried Gnomehack, Elliot? Shame on
you.:) Anyway, it should be setgid games (to give it permission to
write high scores in /var/lib/games/gnomehack per the ancient nethack
way of doing things). If it is setgid root, that is somebody elses
fault, not mine. The way I put gnomehack together, the worst that could
happen on a buffer overflow would be that somebody gets to fake a high
score.

 -Erik

--
Erik B. Andersen   Web:    http://www.xmission.com/~andersen/ 
                   email:  andersee@debian.org
--This message was written using 73% post-consumer electrons--

Follow-Ups:
- Re: Linux GNOME exploit
  - From: Yo Ric Dude
- Re: Linux GNOME exploit - PATCH!
  - From: Yo Ric Dude

References:
- Linux GNOME exploit
  - From: John Kodis
- Re: Linux GNOME exploit
  - From: Elliot Lee

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]