Re: svgalib (restorefont) permissions
>I'm trying to use runx from svgalib to fix some problems exiting from
>X but restorefont fails with...
>
>{debian:1} /usr/bin/restorefont -w fontdata
>/usr/bin/restorefont: Permission denied.
>
>it's permissions are:
>
>-rwxr-x--- 1 root console 8196 Jan 7 14:58 /usr/bin/restorefont
>-rwsr-x--- 1 root console 8196 Jan 7 14:58 /usr/bin/restorepalette
>-rwsr-x--- 1 root console 8196 Jan 7 14:58 /usr/bin/restoretextmode
^
\
This column is the key to it all...
>How can this be run from a user account? From the root account it works
>fine!
You can say
chmod u+s /usr/bin/restorefont
and this will allow it to be run by any member of the console group.
HOWEVER:
there is a bug in restorefont which allows anyone in the console group
to gain root access on your system if the program is setuid to root.
So be absolutely certain you understand the implications of doing
this.
Note that later versions of the svgalib package discard both the
console group and the setuid bit on all of these programs, leaving
security and arrangements entirely to local administrators.
--
Richard Kettlewell
http://www.elmail.co.uk/staff/richard/ richard@uk.geeks.org
Well, sure, the government lies, and the newspapers lie, but in a
democracy they aren't the same lies...
Reply to: