Bugtraq mailing list archives
Re: gpm-root
From: egmont () FAZEKAS HU (Koblinger Egmont)
Date: Thu, 23 Mar 2000 14:45:15 +0100
I sent them the bug report and the patch several times even before the 1.18.x releases. Okay, I didn't read the README of 1.19, I just thought it was time to tell the world not to install gpm-root, because the authors simply ignored this security problem. Okay, you're right, I send the patch at the end of this message. bye Egmont
Well, if you would check README in 1.19.0 version, you would notice following fragment: =========== MAINTAINANCE As of 1.19.0, gpm is officially unmaintained. I can't do it any more, and nobody expressed interest in it. So I don't think it is fair to blame someone who spent a great deal of their time doing gpm and has just quit it. Instead of blaming them how about making up a patch and telling everybody "here's a patch which fixes this problem".
diff -u -r -N ../gpm-1.19.0.orig/doc/doc.gpm ./doc/doc.gpm --- ../gpm-1.19.0.orig/doc/doc.gpm Mon Feb 7 23:34:00 2000 +++ ./doc/doc.gpm Thu Mar 23 14:37:43 2000 @@ -1969,6 +1969,12 @@ be broken by this daemon. Things should be sufficiently secure, but if you find a hole please tell me about it. +@item -r + Always run commands as root instead of the user who owns the tty. + Implies -u. This is useful for those system administrators who + put menu entries to reboot or halt the system, start or stop + xdm, change keyboard layout etc. + @item -D Do not automatically enter background operation when started, and log messages to the standard error stream, not the syslog diff -u -r -N ../gpm-1.19.0.orig/gpm-root.y ./gpm-root.y --- ../gpm-1.19.0.orig/gpm-root.y Thu Oct 7 20:15:18 1999 +++ ./gpm-root.y Thu Mar 23 14:37:43 2000 @@ -41,6 +41,7 @@ #include <sys/syslog.h> #include <signal.h> /* sigaction() */ #include <pwd.h> /* pwd entries */ +#include <grp.h> /* initgroups() */ #include <sys/kd.h> /* KDGETMODE */ #include <sys/stat.h> /* fstat() */ #include <sys/utsname.h> /* uname() */ @@ -117,6 +118,7 @@ int opt_mod = 4; /* control */ int opt_buf = 0; /* ask the kernel about it */ int opt_user = 1; /* allow user cfg files */ +int opt_root = 0; /* run everything as root */ @@ -447,6 +449,7 @@ void f__fix(struct passwd *pass) { setgid(pass->pw_gid); + initgroups(pass->pw_name, pass->pw_gid); setuid(pass->pw_uid); setenv("HOME", pass->pw_dir, 1); setenv("LOGNAME", pass->pw_name,1); @@ -539,7 +542,7 @@ return 1; case 0: - setuid(uid); + if (opt_root) uid=0; pass=getpwuid(uid); if (!pass) exit(1); f__fix(pass); @@ -926,6 +929,7 @@ printf(" Valid options are\n" " -m <number-or-name> modifier to use\n" " -u inhibit user configuration files\n" + " -r run commands as root\n" " -D don't auto-background and run as daemon\n" " -V <verbosity-delta> increase amount of logged messages\n" ); @@ -971,12 +975,13 @@ int opt; gpm_log_daemon = 1; - while ((opt = getopt(argc, argv,"m:uDV::")) != -1) + while ((opt = getopt(argc, argv,"m:urDV::")) != -1) { switch (opt) { case 'm': opt_mod=getmask(optarg, tableMod); break; case 'u': opt_user=0; break; + case 'r': opt_root=1; opt_user=0; break; case 'D': gpm_log_daemon = 0; break; case 'V': gpm_debug_level += (0 == optarg ? 1 : strtol(optarg, 0, 0));
Current thread:
- gpm-root egmont () FAZEKAS HU (Mar 22)
- Re: gpm-root ADAM Sulmicki (Mar 22)
- Trend Micro releases Patch for "OfficeScan Unauthenticated CGI U sage" vulnerability Richard Sheng (Mar 22)
- Re: gpm-root Koblinger Egmont (Mar 23)
- Local Denial-of-Service attack against Linux Jay Fenlason (Mar 23)
- Re: Local Denial-of-Service attack against Linux Michal Zalewski (Mar 24)
- Re: Local Denial-of-Service attack against Linux dapozza (Mar 24)
- Hide Drives does not work with OUTLOOK 98 - Summary of Answers (W InNT4) DeAvillez, Carlos (Mar 24)
- Windows 2000 Internet Server Security Configuration Tool Microsoft Security Response Center (Mar 24)
- Irix Objectserver remote exploit Marcy Abene (Mar 29)
- New ZZ v1.2 Simple Nomad (Mar 29)
- [RHSA-2000:008-01] ircii buffer overflow bugzilla () REDHAT COM (Mar 30)
- Microsoft Security Bulletin (MS00-019) Microsoft Product Security (Mar 30)
- Microsoft Security Bulletin (MS00-021) Microsoft Product Security (Mar 30)
- Re: gpm-root ADAM Sulmicki (Mar 22)