Bugtraq mailing list archives
Re: WindowMaker bugs (was sub:none )
From: sprout () DOK ORG (Chris Green)
Date: Tue, 24 Aug 1999 13:19:16 -0500
I replied to this message already when he posted it to linux-alert IIRC. He didn't reply though, so here's my message again, slightly edited.

I will say that these are some poor bugs. I won't say that they have the wide-ranging implications that you imply.

The window manager isn't going to save anyone if someone has access to your display. Running programs with long argv[0]'s is just another way for a user to shoot themselves in the foot by running a program that is doing something nasty. One more place to put a trojan, but that's about as far-reaching as that goes.

The libPropList problem might be a bit bigger, as at one time some of GNOME was/is using it.

Buffer overflows are bugs. Lots of them have security implications. Most do not.

Feel free to correct me if you feel I have my facts wrong here or I'm overlooking some implication of the bugs.

Cheers,
Chris

Stan Bubrouski <bin () MAILANDNEWS COM> writes:
Back in June, when I was fooling around with some programs I was writing, I found a serious buffer overflow in WindowMaker 0.60.0 and 0.52, but I assume previous versions are vulnerable as well. By replacing argv[0] of a program with a string longer than 249 characters, it is possible to overflow one of the program's buffers, causing it, and possibly X as well, to crash. It is assumed this can be exploited remotely if you run an insecure X server. By default some distributions of Linux like RedHat come with X configured to allow everyone in the outside world access to your X-server. Anyway, here is the guilty section of code, from wdefaults.c:
--
Chris Green <sprout () dok org> <grapeape () uab edu>
I've had a perfectly wonderful evening. But this wasn't it. -- Groucho Marx
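Added example, not part of either post and not WindowMaker's code: a length-checked way for a window manager to combine client-supplied name strings (such as one derived from argv[0]) in a fixed buffer, rejecting oversized input instead of overrunning. The helper name build_attr_key, the 256-byte buffer size and the "instance.class" key format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define WM_NAME_MAX 256   /* assumed buffer size, not taken from WindowMaker */

/* Unsafe pattern, shown for contrast only (not compiled):
 *     char buf[WM_NAME_MAX];
 *     sprintf(buf, "%s.%s", instance, class_name);   // client controls the length
 */

/* Hypothetical helper: write "instance.class_name" into out.
 * Returns 0 on success, -1 if an argument is missing or the result
 * would not fit in outlen bytes including the terminating NUL. */
int build_attr_key(char *out, size_t outlen,
                   const char *instance, const char *class_name)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (instance == NULL || class_name == NULL || instance[0] == '\0')
        return -1;

    /* snprintf never writes more than outlen bytes and returns the
     * length the full string would have had. */
    n = snprintf(out, outlen, "%s.%s", instance, class_name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';    /* reject rather than use a truncated key */
        return -1;
    }
    return 0;
}

int main(void)
{
    char key[WM_NAME_MAX];
    char longname[301];   /* constructed input: 300 'A's standing in for a long argv[0] */
    int rc;

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    rc = build_attr_key(key, sizeof key, "xterm", "XTerm");
    printf("normal name: rc=%d key=%s\n", rc, key);
    rc = build_attr_key(key, sizeof key, longname, "XTerm");
    printf("long name:   rc=%d\n", rc);
    return 0;
}
```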