
List:       kde-core-devel
Subject:    We just appeared on BUGTRAQ
From:       Geert Jansen <g.t.jansen () stud ! tue ! nl>
Date:       2000-05-28 22:26:37

Hi,

There was an exploitable buffer overrun in kdesud reported on the BUGTRAQ
mailing list. Anyone with a shell account can gain access to the group
as which kdesud is installed sgid.

By default, it is installed nogroup, so the damage is probably zero in this
case. Mandrake, however, seems to have installed it sgid 0.

Anyway, it is fixed now. It might be a good idea to give kdesud (and
the other suid/sgid programs) a security audit before KDE2.0.

Greetings
 -- 
    Geert Jansen                       email: <g.t.jansen at stud.tue.nl>
    Phylosopher, Physicist,                    email: <jansen at kde.org>           
    KDE enthusiast                                 PGP key ID: 0xD2B5E7CE            
