Re: TESO & C-Skills development advisory -- imwheel
From: whitevampire () MINDLESS COM (WHiTe VaMPiRe)
Date: Sun, 19 Mar 2000 11:31:56 -0500
On Thu, Mar 16, 2000 at 02:38:47PM +0100, Sebastian(krahmer () CS UNI-POTSDAM DE) wrote:
: TESO Security Advisory
: imwheel local root compromise
The Slackware package available from Linuxmafia.org
(http://linuxmafia.org/pcentral/search_view.php3?name=imwheel) is not
affected by this, as it does not package with the SUID wrapper. (The
binary included is also not set SUID.) This is with version 0.9.6 of
A SUID wrapper should simply not be necessary in the first
As far as I can tell the standard package of imwheel 0.9.7 does
not have a wrapper. However, during 'installation,' it will prompt you
asking whether or not to install SUID.
An excerpt from the Makefile:
## Setting UID, this is best for non-root usage!
## This does not effect usage for root users. (duh!)
## This gives all users kill privileges for other imwheel processes.
Judging from that, if you set up imwheel to be started via the
users' xinit scripts, and killed upon logout, it would have the same
To reiterate, SUID is just a quick cop-out for a better
setup. If it is a one-user desktop machine, even less than that would
have to be done.
__ ______ ____
/ \ / \ \ / / WHiTe VaMPiRe\Rem
\ \/\/ /\ Y / whitevampire () mindless com
\ / \ / http://www.projectgamma.com/
\__/\ / \___/ http://www.gammaforce.org/
\/ "Silly hacker, root is for administrators."