Re: Possible root exploit in Linux povray

[JYoungman () VGGAS COM (James Youngman)]

> > > > > "des" == Dag-Erling Coidan Smørgrav <dag-erli () IFI UIO NO> writes:

  des> Luke <luke () UTW COM> writes:

  >> In the official (3.02) release of povray for linux, the s-povray
  >> binary must be installed suid root to function (complains about
  >> not being able to open /dev/console without it).

  des> Can somebody please explain to me why a raytracing package
  des> needs root privs? Why does it even need access to the console
  des> at all? What's wrong with std{in,out,err}?

IIRC, s-povray is the version which displays its result to the SVGA
screen as it goes.  It "needs"[1] root privileges in order to call
iopl()/ioperm() so that it can do I/O against the hardware directly.
SVGAlib drops root privileges immediately after its initialisation
function is called, so most programs are insulated from the most
immediate problems, but in some cases this is too late.

IIRC the original poster didn't state if the segmentation fault is
occuring before or after the executable drops its privs.


[1] Yes, I don't like it either.  A unified framebuffer or similar
device would be a good idea.  The variety of PC hardware is sometimes
a drag.