Bugtraq mailing list archives
Re: ncurses 4.1 security bug
From: perry () piermont com (Perry E. Metzger)
Date: Wed, 8 Jul 1998 10:40:09 -0400
Alan Cox writes:
Duncan Simpson writes:ncurses version 4.1 fails to drop priviledges before opening the termcap database and you can set any file(s) you like.This is not a bug. ncurses is a *library*, not a *program*. It is up to suid programs to drop privileges, not every call that invokes them -- or are you going to declare the fact that fopen() doesn't drop privileges a "bug"?Depends how you care to look at it. I can agree with your reasoning. In which case there is a bug in screen (as root so very bad) dosemu mutt several bsd-games packages
There are indeed many such bugs. SUID programs should drop privs almost immediately. The number of possible places such issues can lurk is semi-infinite. You'll never get all of them. You *can*, however, drop privs almost instantly.
anywhere on the planet today. Also of course any setuid/setgid applications using NLS or TZ. The latter is far nastier because 1. The libraries will use message catalogs and may open them before you do
In NetBSD, the message catalogs we use don't work that way, so I suppose I'm not familiar with this issue.
2. If you are using C++ your constructors can't call libc in this case as the order of constructors isnt defined
??? Why not just drop privs at the beginning as you are supposed to?
4. Dropping TZ or NLS when setuid is really obnoxious - Japanese users will love having mutt, screen, and things like su in English.
So don't drop them -- drop privs *first*. Sigh. Perry
Current thread:
- ncurses 4.1 security bug Duncan Simpson (Jul 07)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 07)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 08)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Warner Losh (Jul 09)
- Re: ncurses 4.1 security bug David Schwartz (Jul 09)
- Re: ncurses 4.1 security bug matthew green (Jul 10)
- Re: ncurses 4.1 security bug Theo de Raadt (Jul 10)
- Re: ncurses 4.1 security bug Wietse Venema (Jul 12)
- Seattle Lab fixes security issue in SLmail Aleph One (Jul 12)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 07)
- Re: ncurses 4.1 security bug David Schwartz (Jul 09)
- sshd gives out version number Tom Dyas (Jul 09)