[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: konsole security fix in kde-1.1 branch requieres glibc >= 2.1
From:       Lars Knoll <knoll () mpi-hd ! mpg ! de>
Date:       1999-03-18 14:08:16
[Download RAW message or body]

On Thu, 18 Mar 1999, Leon Widdershoven wrote:
>Sven Radej wrote:
>> 
>> On Thu, 18 Mar 1999, Lars Doelle wrote:
>> >Folks,
>> >
>> >i just committed a fix to a known security issue with konsole.
>> >
>> >To prevent eavesdropping a session on the pseudo tty, the device has to be
>> >changed to proper owner/group and rights when opening the tty. This is more
>> >complicate, since this requires root privileges. Now since i strongly dislike
>> >root-suid programs > very few lines, i used the grantpt function for this which
>> >is a glibc2.1 member, to keep konsole a non-suid program. The contradicting
>> >privilege requirement has long delayed this fix.
>> >
>> >This means, konsole now requires glibc >= 2.1. Since this version may or may
>> >not be available at some distributions when kde-1.1.1 comes out, konsole is
>> >planed to compile and install only if the required glibc version is available.
>> >
>> >The HEAD version of konsole will more firmly base on glibc2.1. This will have
>> >many advantages in respect of portability, support of Unix98 PTYs and simplicity.
>> 
>> Can't you make this #ifdef'd? Slackware will have KDE as default desktop, and
>> for quite some time it will be libc5 based.
>> 
>>  --
>> Sven Radej     radej@kde.org
>> KDE developer   Visit http://www.kde.org
>
>
>I think I won't apply the same patch to kvt, so a terminal emulation
>will 
>always be present.
>In the docs, I will make clear that konsole is the preferred terminal
>emulator,
>but that for compatibility reasons kvt is still supplied.
>
>Maybe that would be a solution?

I would prefer Sven's solution. konsole is thought to be a replacement for
kvt, and has many advantages as compared to kvt. If this is the case, I
can't see why one would wan't konsole to be dropped for 90% of all unix
systems out there (Most of the Linux/*BSD systems out there are still not based
on glibc-2.1, and what about commercial unices like Solaris, OSF probably never
will be...) Another disadvantage is, that most people will just upgrade from
1.1 to 1.1.1, and will then still have the old konsole from 1.1 without any
fix, since it'll just not get upgraded.

I might be missing something, but what is so bad about making konsole suid,
changing the ptty to the proper owner/group in the first three lines of main(),
and then immediatly dropping all privileges?

Cheers,
Lars

[prev in list] [next in list] [prev in thread] [next in thread]