svgalib risks
tibor simko
tibor.simko na aleph.dpp.fmph.uniba.sk
Pátek Listopad 28 17:36:43 CET 1997
>>>>> "jaroslav" == Jaroslav Benkovsky <benkovsk na pha.pvt.cz> writes:
jaroslav> Ale
jaroslav> funkce vga_init() ty prava ziskana pres SUID shazuje,
jaroslav> takze kdyz se pouzije na zacatku, tak IMHO to potom
jaroslav> nejde o moc vice exploitnout nez rozhodit obraz, ne?
pred casom na debian-devel mailingliste napisal joey hess toto:
Of course, svgalib does give up suid root permissions when it
initializes. However, there have been plenty of security problems in
the past with suid games that waited too long to give up their suid
root and were exploitable.
ps: jedna zaujimava alternativa k suidroot je ioperm, viacej na
http://www.inka.de/~bigred/sw/ioperm.txt...
--
tibor.simko na aleph.dpp.fmph.uniba.sk
Další informace o konferenci Linux