Bugtraq mailing list archives
gpm-root
From: egmont () FAZEKAS HU (egmont () FAZEKAS HU)
Date: Wed, 22 Mar 2000 18:21:43 -0000
Hi! I've sent report about the following security hole to the authors of gpm, but they seemed to ignore the problem. The problem applies to every gpm version known by me, for example 1.18.1 and 1.19.0. To exploit this problem, gpm-root must be running on a machine and the user needs both login to that machine and physical access to the keyboard and mouse. gpm-root is a beautiful tool shipped in the gpm package. It pops up beautiful menus based on each user's own config file when Ctrl+Mousebutton is pressed on the console. When the user selects one of his/her favourite utility from his/her own list, gpm-root starts this process with the group and supplementary groups of the gpm-root daemon. gpm-root calls setuid() first and setgid() afterwards, hence the later one is unsuccessful. The authors completely forgot about calling initgroups(). bye Egmont Koblinger
Current thread:
- gpm-root egmont () FAZEKAS HU (Mar 22)
- Re: gpm-root ADAM Sulmicki (Mar 22)
- Trend Micro releases Patch for "OfficeScan Unauthenticated CGI U sage" vulnerability Richard Sheng (Mar 22)
- Re: gpm-root Koblinger Egmont (Mar 23)
- Local Denial-of-Service attack against Linux Jay Fenlason (Mar 23)
- Re: Local Denial-of-Service attack against Linux Michal Zalewski (Mar 24)
- Re: Local Denial-of-Service attack against Linux dapozza (Mar 24)
- Hide Drives does not work with OUTLOOK 98 - Summary of Answers (W InNT4) DeAvillez, Carlos (Mar 24)
- Windows 2000 Internet Server Security Configuration Tool Microsoft Security Response Center (Mar 24)
- Irix Objectserver remote exploit Marcy Abene (Mar 29)
- New ZZ v1.2 Simple Nomad (Mar 29)
- Re: gpm-root ADAM Sulmicki (Mar 22)