oss-sec mailing list archives

Re: various sddm vulnerabilities


From: Martin Bříza <mbriza () redhat com>
Date: Thu, 02 Oct 2014 19:17:23 +0200

On Wed, 01 Oct 2014 13:24:52 +0200, Sebastian Krahmer <krahmer () suse de> wrote:

Hi

During review we found several issues in the sddm
display manager which allow local users to obtain
root privileges. More on this is here:

https://bugzilla.suse.com/show_bug.cgi?id=897788

Sebastian


Hi,
first, please let me thank you for your very valuable input, Sebastian.

We (me and d_ed, David Edmundson) took a look at this. Although we don't believe any of the issues you reported could lead to a privilege escalation (as some of the resulting bug reports suggest), we consider them to be security issues. Currently, there are two pull requests open [1] [2] potentially fixing all mentioned issues. We're waiting for peer review from the other developers and possibly yours, too.

Cheers,
Martin

[1] https://github.com/sddm/sddm/pull/279
[2] https://github.com/sddm/sddm/pull/280

