
List:       gnuplot-info-beta
Subject:    Re: Linux /usr/bin/gnuplot overflow
From:       Jonathan Thornburg <jthorn () galileo ! thp ! univie ! ac ! at>
Date:       1999-03-05 18:19:22

I wrote:
JT> If it's just for scribbling directly on the frame buffer without a window
JT> system running, then I'd vote _strongly_ for dropping this from the default
JT> installation -- gnuplot is not even _close_ to secure against buffer
JT> overruns, and most security policies would (IMHO quite rightly) flatly
JT> forbid installing it suid-root.

Hans-Bernhard Broeker <broeker@physik.rwth-aachen.de> replied:
HBB> OTOH, no-one with any kind of security concern on their mind would install
HBB> SVGAlib, in its current state, would they?
and later
HBB> Well spoken, but if anything like a 'security policy' is active, svgalib
HBB> most certainly wouldn't be present on the system, to begin with, and
HBB> gnuplot would thus never be installed suid root. 

I'm afraid I disagree, on two somewhat different grounds:

First, svgalib _itself_ isn't a security hole; the problem only arises
when you have an insecure suid-root program (whether using svgalib or not!).
That is, the security risk doesn't come from having svgalib present,
but only from applying that magic `chown root; chmod +s' to an insecure
program.  One could quite reasonably have svgalib present, with only
known-to-be-secure programs getting the suid-root blessing.  So I don't
think the mere _existence_ of svgalib should be taken to imply a lack
of concern for security.

Second, in practice, vendors (e.g. RedHat) ship svgalib on their cdroms
sans security warnings, so many system administrators will go ahead
and install it, not knowing of the potential security risks.  The new
warning

HBB>   Where is the help file?           /usr/local/share/gnuplot.gih
HBB> 
HBB>   Enable generation of GIF files
HBB>   Enable generation of PNG files
HBB>   Use builtin minimal readline
HBB>   Use the Linux console driver
HBB>     SECURITY NOTICE: gnuplot will be installed suid root!
HBB>   Use the X Window System

is a big improvement here -- you'd have to be pretty careless to
overlook _that_.


But even with the warning, I'd be considerably happier if we followed
Lars Hecking's suggestion:

LH> I should probably make --without-linux-vga the default in
LH> configure, so that this feature must be enabled explicitly.

-- 
-- Jonathan Thornburg <jthorn@galileo.thp.univie.ac.at>
   Universität Wien / Institut für Theoretische Physik
   "Washing one's hands of the conflict between the powerful and the powerless
    means to side with the powerful, not to be neutral." - Freire / OXFAM
