[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: recent gpm DoS issue

Ethan Benson (erbenson@alaska.net) wrote:
> there is another point, how necessary is it for gpm to run as root?

the DoS has nothing to do with executing naughty code, but with mucking
around with the mouse itself. gpm reads from the serial port, and writes to
/dev/vcs* (i think). so making gpm run as another user or dropping privs
sooner probably wouldn't do us much good.

-- 
(jacob kuntz)                    jpk@cape.com jake@{megabite,underworld}.net
(megabite systems)               "they that can give up liberty to obtain a
                                  little temporary safety deserve neither
                                  liberty nor safety."  (benjamin franklin)
Reply to: