|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: gpm-root
From: Alessandro Rubini (rubini
LINUX.IT)Date: Thu Mar 23 2000 - 14:40:54 CST
- Next message: Phydeaux: "Re: [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags"
- Previous message: ADAM Sulmicki: "Re: gpm-root"
- Maybe in reply to: egmontFAZEKAS.HU: "gpm-root"
- Maybe reply: Alessandro Rubini: "Re: gpm-root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello Egmont.
> I've sent report about the following security hole to the
> authors of gpm, but they seemed to ignore the problem.
That's me, mainly. Unfortunately, I don't have any track of your
message about gpm-root.
> gpm-root is a beautiful tool shipped in the gpm package.
Not really that beautiful. It was just meant to be a demo, in the hope
someone will develop a real root-window tool. Anyways, it's
distributed, so I care(d) about its bugs.
> gpm-root calls setuid() first and setgid() afterwards, hence
> the later one is unsuccessful. The authors completely forgot
> about calling initgroups().
Thanks for your report, I'll fix it for 1.19.1, which I plan to
release in a few days. Since gpm is officially unmaintained,
gpm-1.19.1 will be the last one, hopefully, but I already had
it on schedule.
I want to thank Servio Medina for forwarding your message, as I
unsubscribed from bugtraq not long ago, due to excessive email load.
/alessandro
- Next message: Phydeaux: "Re: [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags"
- Previous message: ADAM Sulmicki: "Re: gpm-root"
- Maybe in reply to: egmontFAZEKAS.HU: "gpm-root"
- Maybe reply: Alessandro Rubini: "Re: gpm-root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]