Home page logo

bugtraq logo Bugtraq mailing list archives

Re: gpm-root
From: rubini () LINUX IT (Alessandro Rubini)
Date: Thu, 23 Mar 2000 21:40:54 +0100

Hello Egmont.

I've sent report about the following security hole to the
authors of gpm, but they seemed to ignore the problem.

That's me, mainly. Unfortunately, I don't have any track of your
message about gpm-root.

gpm-root is a beautiful tool shipped in the gpm package.

Not really that beautiful. It was just meant to be a demo, in the hope
someone will develop a real root-window tool. Anyways, it's
distributed, so I care(d) about its bugs.

gpm-root calls setuid() first and setgid() afterwards, hence
the later one is unsuccessful. The authors completely forgot
about calling initgroups().

Thanks for your report, I'll fix it for 1.19.1, which I plan to
release in a few days. Since gpm is officially unmaintained,
gpm-1.19.1 will be the last one, hopefully, but I already had
it on schedule.

I want to thank Servio Medina for forwarding your message, as I
unsubscribed from bugtraq not long ago, due to excessive email load.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]