
Re: [SECURITY] [DSA 609-1] New atari800 packages fix local root exploit

On Tue, Dec 14, 2004 at 05:03:01PM +0100, Martin Schulze wrote:
> Adam Zabrocki discovered multiple buffer overflows in atari800, an
> Atari emulator.  In order to directly access graphics hardware, one of
> the affected programs is installed setuid root.  A local attacker
> could exploit this vulnerability to gain root privileges.

I wonder if we could have some sort of policy to prevent this kind of silly
bug.  It doesn't make sense to use root privs for displaying graphics when
we have privilege separation layers like SDL and X.

 .''`.   Proudly running Debian GNU/kFreeBSD unstable/unreleased (on UFS2+S)
: :' :
`. `'    http://www.debian.org/ports/kfreebsd-gnu
