From kde-devel Fri Aug 29 15:51:05 2008
From: Andreas Haumer
Date: Fri, 29 Aug 2008 15:51:05 +0000
To: kde-devel
Subject: Re: kde 3.5.10 hangs on startup!
Message-Id: <48B81AE9.9030406 () xss ! co ! at>
X-MARC-Message: https://marc.info/?l=kde-devel&m=122002514532537

Hi!

Just a short followup: I did some more testing and could prove my theory: the hangs indeed are due to patches introduced to start_kdeinit.c by user "mueller" with SVN revision #801222 on Apr 25th, 2008.

The corresponding log message says: "fix CVE-2008-1671: integer overflows and arbitrary process kill vulnerability"

The following change to start_kdeinit.c from kdelibs-3.5.10 makes the startup sequence work again:

- --- kdelibs3/kinit/start_kdeinit.c 19 Aug 2008 18:18:12 -0000 1.1.1.3 +++ kdelibs3/kinit/start_kdeinit.c 29 Aug 2008 10:42:15 -0000 
@@ -150,8 +150,8 @@ ~ if( ret <= 0 ) /* pipe closed or error, exit */ ~ _exit(0); ~ if( pid != 0 ) { - - if (set_protection( pid, 0 )) - - kill( pid, SIGUSR1 ); + set_protection( pid, 0 ); + kill( pid, SIGUSR1 ); ~ } ~ } ~ }

Note: this is IMHO not the correct and final fix to solve the problem, it's merely a proof that my initial theory is correct.

The original patch tried to change the behaviour of start_kdeinit.c to *not* send a SIGUSR1 signal to just any PID written through a pipe to the kdeinit process. The original patch is a security patch! Alas, it breaks things for older Linux kernels, so it should be improved in a way which fixes the security problem but also works with Linux-2.4!

Comments?

- andreas

-- 
Andreas Haumer | mailto:andreas@xss.co.at
*x Software + Systeme | http://www.xss.co.at/
Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0
A-1100 Vienna, Austria | Fax: +43-1-6060114-71
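
Review bot: The two `+` lines call set_protection( pid, 0 ) but discard its result, so kill( pid, SIGUSR1 ) now runs for every non-zero PID read from the pipe; the removed guard `if (set_protection( pid, 0 ))` was the only thing in this hunk that restricted which PIDs get signalled. Because the message attributes that guard to the CVE-2008-1671 fix and reports that it fails on Linux 2.4, the check should stay at the call site and the older-kernel failure should be handled where it occurs, for example by having set_protection() report "could not verify on this kernel" separately from "verification failed" and deciding explicitly what to do in the first case. A short comment at the call site stating why the return value gates the signal would also make it less likely that the check is dropped again.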