Vulnerability Development mailing list archives

Re: possible gnome remote overflow


From: kay () PHREEDOM ORG (kay)
Date: Wed, 20 Oct 1999 13:42:20 +0300


On Tue, Oct 19, 1999 at 01:58:17AM +0000, Crispin Cowan wrote:
> Ryan Permeh wrote:
>
> > This will crash an open X session, even from remote.  I do not know a
> > lot about gnome, but I do know X sessions crashing is generally regarded
> > as a "Bad Thing".  I poked at the code a bit, but couldn't find the piece
> > where this is likely happening.

I'm not a GNOME guru either, but:

The program you refer to as gnome-ses is actually gnome-session, and it is
responsible for managing users' sessions (e.g. saving information about
active tasks, desktop geometry etc., on logout and restore everything on
the next logon).

Next, I failed to reproduce this on Debian Potato (unstable, upgraded up to
19 Oct 1999) using:

Linux kernel 2.2.12 + OpenWall ow6 patch
GNOME October Release
GNU libc 2.1.2
XFree86 3.3.5

First as a normal user I started a GNOME session using gdm (GNOME replacement
for xdm).

# dpkg -l libc6 gnome-session xlib6g gdm
[snip]
ii  libc6           2.1.2-5        GNU C Library: Shared libraries and timezone
ii  gnome-session   1.0.53-2       The Gnome Session Manager
ii  xlib6g          3.3.5-1        shared libraries required by X clients
ii  gdm             2.0-0.beta4.2  GNOME Display Manager
# lsof -i | grep gnome
gnome-ses 764    kay    3u  inet   1054       TCP *:1029 (LISTEN)
gnome-nam 828    kay    4u  inet   1295       TCP *:1039 (LISTEN)
gnomepage 839    kay    5u  inet   1370       TCP *:1042 (LISTEN)
# dd if=/dev/urandom count=1048576 ibs=1024 | nc localhost 1029
[...]

Nothing happened; GNOME was running just fine during and after my flooding.

> If X and Gnome were StackGuarded, then you might get a present in your
> syslog telling you the name of the function containing the smashed buffer:
>
>    * if the buffer was an auto variable
>    * and if the function containing the buffer tried to return *before* the
>      core dump happened
>
> Really neat features, IMHO.
>
> Conversely, if someone can point us at an easy to recompile-from-source
> pile of source RPMs for the necessary Gnome components, then we might take
> a poke at it.

I think the GNOME distribution includes SRPM's as well as tarballs?

Regards,

--
key ID: 1024D/F00A7E3F (DSS)    user ID: kay <kay () phreedom org>
fingerprint: DDCC 1A8C 30C5 8C7B C7E3  8808 02C3 1A5D F00A 7E3F
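The StackGuard behaviour Crispin describes above (a guard word placed after an auto-variable buffer, checked only when the function returns) is easy to see in miniature. The following is an added illustration written for this archive page; it is not code from the thread, from GNOME, or from StackGuard itself. The frame layout, the canary value, the buffer size and the names guarded_copy, demo_clean and demo_smashed are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not GNOME or StackGuard code: a frame laid out the way a
 * StackGuard-protected function lays out its stack, with a guard word placed
 * right after the local buffer.  The frame is a struct so the overrun is an
 * ordinary in-object memcpy and the program behaves the same on every
 * compiler.  BUF_LEN and CANARY_VALUE are constructed values. */
#define BUF_LEN 16
#define CANARY_VALUE 0xA5C3F00DU

struct guarded_frame {
    char     buf[BUF_LEN];  /* the auto-variable buffer the thread talks about */
    uint32_t canary;        /* guard word between buf and the return address */
};

/* Copies len bytes of input into the frame's buffer with no bounds check
 * (the kind of defect the thread is hunting), then does the StackGuard-style
 * check on the way out.  Returns 1 if the canary was intact at return, 0 if
 * it was clobbered.  The check runs only at return: an input that brought
 * the process down before this point would never be reported. */
int guarded_copy(const char *input, size_t len, char out[BUF_LEN])
{
    struct guarded_frame frame;

    memset(&frame, 0, sizeof frame);
    frame.canary = CANARY_VALUE;

    /* Clamp so the copy cannot leave the frame object; anything past
     * BUF_LEN still lands on the canary, which is what we want to observe. */
    if (len > sizeof frame)
        len = sizeof frame;
    memcpy(&frame, input, len);          /* unchecked copy: overruns into canary */
    memcpy(out, frame.buf, BUF_LEN);

    if (frame.canary != CANARY_VALUE) {
        /* Constructed log line, in the spirit of the syslog entry described */
        fprintf(stderr, "stack smashing detected in %s(): canary 0x%08x, expected 0x%08x\n",
                __func__, (unsigned)frame.canary, (unsigned)CANARY_VALUE);
        return 0;
    }
    return 1;
}

/* Constructed input that fits in the buffer: the canary survives. */
int demo_clean(void)
{
    char out[BUF_LEN];
    return guarded_copy("hello", 6, out);
}

/* Constructed input BUF_LEN + 8 bytes long: the extra bytes overwrite the
 * guard word and the return-time check catches it. */
int demo_smashed(void)
{
    char out[BUF_LEN];
    char big[BUF_LEN + 8];
    memset(big, 'A', sizeof big);
    return guarded_copy(big, sizeof big, out);
}

int main(void)
{
    printf("fits: %s\n", demo_clean()   ? "canary intact" : "canary smashed");
    printf("over: %s\n", demo_smashed() ? "canary intact" : "canary smashed");
    return 0;
}
```

Build with `cc -std=c99 -Wall canary.c` and run it; the second call logs the function name to stderr, which is the "present in your syslog" Crispin mentions (real StackGuard wrote to syslog rather than stderr). The two bullets in his message map directly onto the code: the guard only protects an auto (stack) buffer laid out next to it, and the comparison happens on the return path, so an overrun that faults the process before guarded_copy reaches its check leaves nothing in the log. That is also why kay's flood test above can pass without proving anything about an unguarded binary: with no canary, a corrupted frame is only noticed if and when it crashes.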
