Bugtraq mailing list archives

Re: WindowMaker bugs (was sub:none )


From: sprout () DOK ORG (Chris Green)
Date: Tue, 24 Aug 1999 13:19:16 -0500


I replied to this message already when he posted it to linux-alert
IIRC.  He didn't reply though so here's my message again slightly edited.

I will say that these are some poor bugs.  I won't say that they
have the wide ranging implications that you imply.  The window manager
isn't going to save anyone if someone has access to your display.

Running programs with long argv[0]'s is just another way for a user to
shoot themselves in the foot by running a program that is doing
something nasty.  One more place to put a trojan but
that's about as far reaching as that goes.

The libPropList problem might be a bit bigger as at one time some of
GNOME was/is using it.

Buffer overflows are bugs.  Lots of them have security
implications.  Most do not.

Feel free to correct me if you feel I have my facts wrong here or I'm
overlooking some implication of the bugs.

Cheers,
Chris

Stan Bubrouski <bin () MAILANDNEWS COM> writes:

Back in June when I was fooling around with some
programs I was writing, I found a serious buffer overflow in
WindowMaker 0.60.0 and 0.52, but I assume previous versions
are vulnerable as well. By replacing argv[0] of a program
with a string longer than 249 characters, it is possible to
overflow one of the program's buffers, causing it, and
possibly X as well, to crash. It is assumed this can be
exploited remotely if you run an insecure X server. By
default some distributions of Linux like RedHat come with X
configured to allow everyone in the outside world access to
your X-server. Anyway here is the guilty section of code,
from wdefaults.c:

--
Chris Green <sprout () dok org> <grapeape () uab edu>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx


