List:       kde-core-devel
Subject:    Re: We just appeared on BUGTRAQ
From:       Waldo Bastian <bastian () kde ! org>
Date:       2000-05-29 0:20:52

On Sun, 28 May 2000, Daniel Naber wrote:
> On Mon, 29 May 2000, Geert Jansen wrote:
> > Anyway, it is fixed now. It might be a good idea to give kdesud (and
> > the other suid/sgid programs) a security audit before KDE2.0..
>
> Can you make a list of these programs? I wouldn't even know what
> programs to audit now...
>
> Regards
>  Daniel

All programs that install with a suid or sgid bit. 

According to grep "chmod", those are:
* kdebase/kdesu/kdesud
* kdebase/konsole/konsole_grantpty
* kdenetwork/kppp

kscd might be a good candidate as well, since it does a chmod 0777 on some 
stuff.

Note that sometimes a distribution decides to install a program with the sgid bit 
(e.g. kscd on SuSE) while KDE itself does not. I guess it is the 
responsibility of the distribution to check those programs itself.

Cheers,
Waldo
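
The grep-for-chmod pass described in the message above, as an added example that is not part of the original thread: it flags chmod calls in build files that set suid, sgid or world-writable modes, and includes a check of an installed tree for bits a distribution added. The function names and the sample Makefile contents are constructed for illustration and are not KDE's real build files.

```sh
#!/bin/sh
# Added example, not code from the thread; function names are hypothetical.

# classify_mode MODE: print the risk flags for one chmod mode argument.
# Handles octal modes and single-clause symbolic modes such as u+s or a+w.
classify_mode() {
    m=$1; flags=
    case $m in
        ''|*-*|*,*) ;;                      # removal or multi-clause: skipped
        *[+=]*)                             # symbolic
            who=${m%%[+=]*}; perms=${m#*[+=]}
            case $perms in *s*)
                case $who in ''|*a*|*u*) flags="$flags suid" ;; esac
                case $who in ''|*a*|*g*) flags="$flags sgid" ;; esac ;;
            esac
            case $who:$perms in *[oa]*:*w*) flags="$flags world-writable" ;; esac ;;
        *[!0-7]*) ;;                        # not a literal mode (e.g. a variable)
        *)                                  # octal
            n=$((0$m))
            [ $((n & 04000)) -eq 0 ] || flags="$flags suid"
            [ $((n & 02000)) -eq 0 ] || flags="$flags sgid"
            [ $((n & 00002)) -eq 0 ] || flags="$flags world-writable" ;;
    esac
    echo "${flags# }"
}

# audit_chmod DIR: report risky chmod calls in Makefile* files under DIR.
audit_chmod() {
    find "$1" -type f -name 'Makefile*' -exec grep -n 'chmod[[:space:]]' /dev/null {} + |
    while IFS=: read -r file line text; do
        mode=$(printf '%s\n' "$text" | sed -n \
            's/.*chmod[[:space:]]\{1,\}\(-[A-Za-z]*[[:space:]]\{1,\}\)*\([^[:space:]]*\).*/\2/p')
        flags=$(classify_mode "$mode")
        if [ -n "$flags" ]; then echo "$file:$line: $flags ($mode)"; fi
    done
}

# find_installed DIR: installed files with suid, sgid or world-writable bits.
find_installed() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 -o -perm -0002 \) -print
}

# Constructed sample tree (not KDE's real build files).
demo=$(mktemp -d)
mkdir -p "$demo/kdesu" "$demo/kscd"
printf 'install-exec-local:\n\tchmod 4755 $(bindir)/kdesud\n' > "$demo/kdesu/Makefile.am"
printf 'install-data-local:\n\tchmod 0777 $(datadir)/cddb\n' > "$demo/kscd/Makefile.am"
audit_chmod "$demo"
rm -rf "$demo"
```

Running `find_installed` against the actual install prefix covers the case where packaging sets a bit that the source tree never mentions.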
