Re: Seeking sponsors for 3 packages

To: Ken Bloom <kabloom@ucdavis.edu>
Cc: debian-mentors@lists.debian.org
Subject: Re: Seeking sponsors for 3 packages
From: Steve Kemp <skx@debian.org>
Date: Wed, 18 Aug 2004 09:14:27 +0100
Message-id: <[🔎] 20040818081426.GA15878@steve.org.uk>
Reply-to: Steve Kemp <skx@debian.org>
In-reply-to: <[🔎] pan.2004.08.18.01.32.30.381159@ucdavis.edu>
References: <[🔎] pan.2004.08.18.01.32.30.381159@ucdavis.edu>

On Tue, Aug 17, 2004 at 06:32:30PM -0700, Ken Bloom wrote:
> 
> The third was written by someone else, but it's very useful:
>    Package: svp
>    Version: 0.2-3
>    Description: An SVGAlib based viewer for PostScript and PDF files
>     svp is an SVGAlib based GhostScript frontend, allowing you to view
>     PostScript and PDF files on your virtual consoles.
> 
> All of my packages are at http://wwwcsif.cs.ucdavis.edu/~bloom/

  I will sponsor this package when it has been fixed to avoid a local
 root attack.

  The binary is installed setuid(root), and contains the following
 code:

   snprintf(command, 255, "gs -dBATCH -dNOPAUSE -dSAFER -sDEVICE=nullpage \"%s\" 2>&1", filename);
   f=popen(command, "r");

  That is it invokes a copy of 'gs' without dropping root privileges and
 without specifying the path to gs.  This allows a local user to setup
 a trojan gs command and use it to gain root...

  Appropriate solutions could be forking and dropping privileges
 temporarily, dropping the +s bit, or something else.

Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit

Reply to:

Follow-Ups:
- Re: Seeking sponsors for 3 packages
  - From: Steve Langasek <vorlon@debian.org>

References:
- Seeking sponsors for 3 packages
  - From: Ken Bloom <kabloom@ucdavis.edu>

Prev by Date: Re: seeking a "temp" sponsor
Next by Date: Re: Seeking sponsors for 3 packages
Previous by thread: Seeking sponsors for 3 packages
Next by thread: Re: Seeking sponsors for 3 packages
Index(es):
- Date
- Thread