'Re: KDE1.1.1 ?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: KDE1.1.1 ?
From:       Mathias Kettner <kettner () suse ! de>
Date:       1999-02-24 7:37:12
[Download RAW message or body]

> Some fairly obvious segfault fixes are in konsole 
> on the KDE_1_1_BRANCH.  I hope they'll be included
> (Is that the right branch to have committed to?)
 
Will there be a security bugfix for konsole, too?
Unfortunately it is still possible for every user
read other users ttys, if they use konsole. The
reason is, that konsole doesn't chown the /dev/ttyp..
to the user and doesn't disable reading for group and others.

Using a simple shell script each other user can
read the tty including typed in passwords.

konsole MUST be suid or use some other means
to chown the tty. Please don't give up 20 years
of UNIX experiance!!
 
> -- 
> Peter
> 
> 


--
Gruss,

   Mathias         .'\   /.
                 .'.-.-'.-..
            ..._:   .-. .-.   :_...
          .'    '-.(o ) (o ).-'    .
         :  _    _ _~(_)~_ _    _  :
        :  /:   ' .-=_   _=-.    ;\  :
        :   :|-.._  '       _..-|:   :
         :   :| |:-:-.-:-:'| |:'   :
          .   .| | | | | | |.'   .'
            .   -:_| | |_:-'   .'
              -._   ``    _.-'
                  `-------''

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic