[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    Re: Xwindows Security Hole in OpenBSD 3.8
From:       Dave Feustel <dfeustel () mindspring ! com>
Date:       2005-12-24 20:47:58
Message-ID: 200512241547.59710.dfeustel () mindspring ! com
[Download RAW message or body]

On Saturday 24 December 2005 14:57, Matthew Closson wrote:
> On Sat, 24 Dec 2005, Dave Feustel wrote:
> 
> > I hate to send this Christmas present to misc,
> > but there is definitely a security hole in Xwindows
> > which permits exploits to be committed at least
> > with user permissions, if not root permissions.
> > Since the problem appears to be in Xwindows,
> > using KDE may be inadviseable. I'm considering
> > going back totally to console mode now that
> > I'm aware of the problem.
> >
> > Dave Feustel
> > -- 
> > Lose, v., experience a loss, get rid of, "lose the weight"
> > Loose, adj., not tight, let go, free, "loose clothing"
> >
> >
> 
> Dave,
> 
> And do you care to share this monumental discovery of yours?

Should I assume from the comment above that you already know 
about this security hole?

> Also if your flaw is in X then what does KDE have to do with that?

As far as I can guess so far, the security hole is via Xwindows and the exploit
of that security hole appears to involve some combination of kde's kio, konsole
and uiserver which permits the perp to execute commands with the permissions of the
account using kde. The lack of kgrant_pty on openbsd seems also to facilitate the
exploit. At this point I have hard evidence (for myself, but probably not for others)
that certain security-related file permissions are being changed by someone else
but me, and I am the only (authorized) user of this system. (I am the person
doing the authorization :-) ). So far I have seen nothing that could not be done
with my user permissions (ie no sign of changes requiring root privileges).

The penetrating perp seems to know Xwindows and kde inside and out - certainly a lot
better than I do. I *am* learning things while poking around though :-).

> Merry Christmas,
> 
>  			-Matt-
> 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"

[prev in list] [next in list] [prev in thread] [next in thread]