-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday, 28 December 2002 16:09, Russell Coker wrote:
I just received a message from Dirk Müller saying that this bug has been
already fixed in HEAD.

Thanks,

Ralf

> Here is a demonstration of a problem that was in kde 3.0.4 as well. I have
> run the command "sleep 100" twice, PID 6482 is from Konsole, PID 6493 is
> from an Xterm launched by selecting the "Run Command" menu option and
> typing "xterm". I used "sleep" to demonstrate this problem as it's a
> program that hangs around, it doesn't do much else to distract us from the
> problem at hand, and it's something that everyone has to reproduce the
> problem.
>
> Notice that in the copy of sleep run from konsole (6482) the file handles
> are what you expect, a few shared objects, a controlling tty, a home
> directory and a root directory.
>
> Notice that in the copy of sleep run from xterm (6493) there are also open
> file handles for two named pipes and the ~/Desktop directory. I believe
> that this is a minor security risk. If I run an xterm and then use it to
> run a SUID wrapper program that runs an insecure or hostile program then if
> that wrapper program does not close all file handles (su does but other
> programs may not) then the hostile program may get access to ~/Desktop in
> my home directory!
>
> I discovered this bug through my SE Linux logs. Some programs were logged
> as inheriting file handles that they were not allowed to access when I used
> an xterm.
>
> [EMAIL PROTECTED]:~$ lsof | grep sleep
> sleep 6482 rjc cwd  DIR    3,7    6640    2015 /home/rjc
> sleep 6482 rjc rtd  DIR    3,2     584       2 /
> sleep 6482 rjc txt  REG    3,2   11336   49958 /bin/sleep
> sleep 6482 rjc mem  REG    3,2   82348    7970 /lib/ld-2.3.1.so
> sleep 6482 rjc mem  REG    3,2  130964    8840 /lib/libm-2.3.1.so
> sleep 6482 rjc mem  REG    3,2   26592   26552 /lib/librt-2.3.1.so
> sleep 6482 rjc mem  REG    3,2 1102952    8292 /lib/libc-2.3.1.so
> sleep 6482 rjc mem  REG    3,2   81959   26556 /lib/libpthread-0.10.so
> sleep 6482 rjc 0u   CHR  136,2            1716 /dev/pts/2
> sleep 6482 rjc 1u   CHR  136,2            1716 /dev/pts/2
> sleep 6482 rjc 2u   CHR  136,2            1716 /dev/pts/2
> sleep 6493 rjc cwd  DIR    3,7    6640    2015 /home/rjc
> sleep 6493 rjc rtd  DIR    3,2     584       2 /
> sleep 6493 rjc txt  REG    3,2   11336   49958 /bin/sleep
> sleep 6493 rjc mem  REG    3,2   82348    7970 /lib/ld-2.3.1.so
> sleep 6493 rjc mem  REG    3,2  130964    8840 /lib/libm-2.3.1.so
> sleep 6493 rjc mem  REG    3,2   26592   26552 /lib/librt-2.3.1.so
> sleep 6493 rjc mem  REG    3,2 1102952    8292 /lib/libc-2.3.1.so
> sleep 6493 rjc mem  REG    3,2   81959   26556 /lib/libpthread-0.10.so
> sleep 6493 rjc 0u   CHR  136,3            1734 /dev/pts/3
> sleep 6493 rjc 1u   CHR  136,3            1734 /dev/pts/3
> sleep 6493 rjc 2u   CHR  136,3            1734 /dev/pts/3
> sleep 6493 rjc 6r   FIFO   0,5         1065293 pipe
> sleep 6493 rjc 7w   FIFO   0,5         1065293 pipe
> sleep 6493 rjc 13r  DIR    3,7     688    4285 /home/rjc/Desktop
> [EMAIL PROTECTED]:~$
>
>
> --
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page

- --
We're not a company, we just produce better code at less costs.
- --------------------------------------------------------------------
Ralf Nolden
[EMAIL PROTECTED]

The K Desktop Environment       The KDevelop Project
http://www.kde.org              http://www.kdevelop.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Dd1pu0nKi+w1Ky8RAhSxAJ9SuTJG7b+vPwCM+bgDRK1ZTsMQWgCcDx2i
KjSgBHqrpoOoHBoEtg+EzTU=
=8P3N
-----END PGP SIGNATURE-----
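
The comparison made by eye in the quoted lsof listing can be automated. The script below is an added example, not part of the original messages or of KDE: it parses lsof rows and reports every numbered descriptor above stdin/stdout/stderr per PID. The function names are hypothetical, and it assumes that a simple command such as sleep opens nothing itself, so anything above fd 2 came from its parent.

```python
import re
from collections import defaultdict

# Rows copied from the lsof listing in the message (library "mem" rows omitted).
LSOF_SAMPLE = """\
sleep 6482 rjc cwd DIR 3,7 6640 2015 /home/rjc
sleep 6482 rjc txt REG 3,2 11336 49958 /bin/sleep
sleep 6482 rjc 0u CHR 136,2 1716 /dev/pts/2
sleep 6482 rjc 1u CHR 136,2 1716 /dev/pts/2
sleep 6482 rjc 2u CHR 136,2 1716 /dev/pts/2
sleep 6493 rjc cwd DIR 3,7 6640 2015 /home/rjc
sleep 6493 rjc txt REG 3,2 11336 49958 /bin/sleep
sleep 6493 rjc 0u CHR 136,3 1734 /dev/pts/3
sleep 6493 rjc 1u CHR 136,3 1734 /dev/pts/3
sleep 6493 rjc 2u CHR 136,3 1734 /dev/pts/3
sleep 6493 rjc 6r FIFO 0,5 1065293 pipe
sleep 6493 rjc 7w FIFO 0,5 1065293 pipe
sleep 6493 rjc 13r DIR 3,7 688 4285 /home/rjc/Desktop
"""

# Numbered descriptor, access mode (r/w/u), optional lock character.
FD_RE = re.compile(r"^(\d+)([rwu])\S?$")

def extra_fds(lsof_text, stdio_max=2):
    """Return {pid: [(fd, mode, type, name), ...]} for descriptors above stdio."""
    found = defaultdict(list)
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # header or truncated row
        m = FD_RE.match(fields[3])
        if not m:
            continue  # cwd, rtd, txt, mem are not numbered descriptors
        fd = int(m.group(1))
        # SIZE/OFF is blank for CHR and FIFO rows, so the field count varies:
        # take COMMAND..TYPE from the front and NAME from the end
        # (assumes NAME contains no spaces).
        if fd > stdio_max:
            found[int(fields[1])].append((fd, m.group(2), fields[4], fields[-1]))
    return dict(found)

def report(lsof_text):
    """Format one line per extra descriptor, ordered by PID."""
    return [f"pid {pid}: fd {fd} ({mode}) {ftype} {name}"
            for pid, fds in sorted(extra_fds(lsof_text).items())
            for fd, mode, ftype, name in fds]

if __name__ == "__main__":
    print("\n".join(report(LSOF_SAMPLE)) or "no descriptors above stdio")
```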