Bugtraq mailing list archives
serious security hole in KDE Beta 3
From: tudorb () CCO CALTECH EDU (Tudor Bosman)
Date: Fri, 6 Feb 1998 20:06:52 -0800
Hello!

When using shadow passwords, the K Desktop Environment (http://www.kde.org) screen savers require to be setuid root (in order to access /etc/shadow). However, they never drop root privileges... When starting, they create the file .kss.pid in the home directory as root, following symbolic links. And ln -s /etc/shadow ~/.kss.pid will cause /etc/shadow to be overwritten.

A short patch:

diff -c kscreensaver.orig/main.cpp kscreensaver/main.cpp *** kscreensaver.orig/main.cpp Fri Feb 6 19:23:07 1998 --- kscreensaver/main.cpp Fri Feb 6 19:30:13 1998 *************** *** 289,294 **** --- 289,298 ---- initPasswd(); + // this makes use of the POSIX saved UIDs feature, available + // in current Linux versions -- tudorb () caltech edu + setuid (getuid ()); + if ( mode == MODE_INSTALL ) { if (!canGetPasswd) {

--
Tudor Bosman
E-mail: tudorb () its caltech edu
Phone: (626) 683-3813
Address: Caltech MSC #345, Pasadena, CA 91126-0345, USA
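
Review bot: the return value of `setuid (getuid ());` is ignored, so if the call fails the screen saver carries on as root and any later file creation, such as the .kss.pid write the post describes, still happens with root privileges; check the result and exit on failure. The comment above the call also needs correcting: when the effective UID is root, setuid() sets the real, effective and saved UIDs together, so this is a permanent drop rather than a use of saved UIDs, and it is only safe if nothing after `initPasswd();` has to read /etc/shadow again.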
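
The hardened form of what the post describes, as an added example (not code from the original post or from KDE): give up the setuid-root privileges with the result checked, then create the PID file so that a symlink planted at that path is never followed. The function names and the demo path in main() are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up setuid-root privileges; 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;              /* caller must abort, never continue as root */
    /* For a non-root user, regaining root must now be impossible. */
    if (ruid != 0 && (setuid(0) == 0 || geteuid() == 0))
        return -1;
    return 0;
}

/* Write our PID to `path` without following a symlink planted there. */
int write_pidfile(const char *path)
{
    char buf[32];
    int fd, len;

    /* unlink() removes a symlink itself, never the file it points to. */
    if (unlink(path) != 0 && errno != ENOENT)
        return -1;
    /* O_EXCL fails with EEXIST if anything, symlink included, reappears. */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    len = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    if (write(fd, buf, (size_t)len) != len) {
        close(fd);
        return -1;
    }
    return close(fd);
}

int main(void)
{
    if (drop_privileges() != 0)
        return 1;
    return write_pidfile(".kss.pid") != 0;   /* demo path, relative to cwd */
}
```

Dropping privileges first limits the damage to files the invoking user could already write; the unlink plus O_EXCL create closes the symlink redirection itself.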