5034138 2000-04-24 21:09 /27 lines/ Postmaster
Recipient: Bugtraq (import) <10591>
Subject: gpm-root initgroups()
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.21.0004232126270.3212-100000@csibe.fazekas.hu>
Date: Sun, 23 Apr 2000 21:31:20 +0200
Reply-To: Koblinger Egmont <egmont@FAZEKAS.HU>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Koblinger Egmont <egmont@FAZEKAS.HU>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

Hello!

As reported before, the "gpm-root" daemon in gpm-1.19.0 and earlier lets
the user execute any command with uid=0.

gpm-1.19.1 fixed half of the security hole by calling setuid() and
setgid() at the right place but not calling initgroups().

gpm-1.19.2 is out there, which calls initgroups() correctly, fully fixing
this security hole.

Therefore anyone running gpm-root is highly recommended to upgrade to
gpm-1.19.2 or apply its setuid(), setgid() and initgroups() related
patches.

Best regards
Egmont Koblinger
(5034138) ------------------------------------------(Re-wrapped)