
List:       kde-core-devel
Subject:    Re: artswrapper defanged
From:       Waldo Bastian <bastian () kde ! org>
Date:       2002-07-12 0:29:08

On Thursday 11 July 2002 04:27 pm, Rik Hemsley wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have modified arts/soundserver/Makefile.am to stop it installing
> artswrapper suid and also stop asking the user to do so themselves
> if it fails.
>
> I have also modified artswrapper.c to stop trying to raise its own
> priority, in case someone does make the binary suid.

I don't think that's necessary. It is ok if someone wants to run artswrapper 
suid as long as they are aware of the implications. The problem is that by 
shipping it with suid by default people end up with a DOS vulnerability 
without being aware of it.

Cheers,
Waldo
-- 
bastian@kde.org  |   SuSE Labs KDE Developer  |  bastian@suse.com
