[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#33558: [SECURITY] Trivial root exploit with eterm (fwd)

To hopefully allay any fears, here:

> 	any title command in  .Eterm/themes/Eterm/MAIN will be executed 
> with rootprivileges:
As I've already responded, this is not true.

balmeida@terminus [~]: ls -l /tmp/foo.txt
ls: /tmp/foo.txt: No such file or directory

In the MAIN file:
title `touch /tmp/foo.txt`

After running Eterm:
balmeida@terminus [~]: ls -l /tmp/foo.txt 
-rw-r--r--   1 balmeida balmeida        0 Feb 18 14:17 /tmp/foo.txt

Reply to: