On Wed, 18 Aug 2004 01:45:07 -0700, Steve Langasek wrote:

> On Wed, Aug 18, 2004 at 09:14:27AM +0100, Steve Kemp wrote:
>> On Tue, Aug 17, 2004 at 06:32:30PM -0700, Ken Bloom wrote:
>
>> > The third was written by someone else, but it's very useful:
>> > Package: svp
>> > Version: 0.2-3
>> > Description: An SVGAlib based viewer for PostScript and PDF files
>> >  svp is an SVGAlib based GhostScript frontend, allowing you to view
>> >  PostScript and PDF files on your virtual consoles.
>
>> > All of my packages are at http://wwwcsif.cs.ucdavis.edu/~bloom/
>
>>   I will sponsor this package when it has been fixed to avoid a local
>>  root attack.
>
>>   The binary is installed setuid(root), and contains the following
>>  code:
>
>>   snprintf(command, 255, "gs -dBATCH -dNOPAUSE -dSAFER -sDEVICE=nullpage \"%s\" 2>&1", filename);
>>   f=popen(command, "r");
>
>>   That is, it invokes a copy of 'gs' without dropping root privileges and
>>  without specifying the path to gs. This allows a local user to set up
>>  a trojan gs command and use it to gain root...
>
>>   Appropriate solutions could be forking and dropping privileges
>>  temporarily, dropping the +s bit, or something else.
>
> Do we really want to be adding to the number of svgalib-based programs
> in the archive? Surely this isn't the only security problem lurking...
So perhaps nobody's interested in another SVGAlib program, especially seeing another program that does the same thing (which I hadn't been aware of). But is anybody interested in helping me with zmanim and qtzmanim?

--
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 08/18/2004. If you use GPG *please* see me about
signing the key.
***** My computer can't give you viruses by email. ***
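Steve Kemp's suggested fix from the quoted thread (fork, drop root, and stop depending on PATH and a shell to run gs), worked through as an added example. This is not svp's code; the /usr/bin/gs location and the function names are assumptions.

```c
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Run an absolute-path program as the real (invoking) user and capture its
 * output into out (outsz >= 1). Unlike the popen() call in svp: no shell, no
 * PATH lookup, and root is dropped permanently in the child before exec.
 * Returns the exit status, 127 if the drop or exec failed, -1 on OS errors. */
int run_unprivileged(const char *path, char *const argv[],
                     char *out, size_t outsz)
{
    int fds[2];
    if (pipe(fds) == -1) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        /* child: gid first (only root may change it), then uid */
        if (setgid(getgid()) == -1 || setuid(getuid()) == -1) _exit(127);
        if (geteuid() != getuid()) _exit(127);   /* the drop must have stuck */
        dup2(fds[1], STDOUT_FILENO); dup2(fds[1], STDERR_FILENO); /* svp's 2>&1 */
        close(fds[0]); close(fds[1]);
        execv(path, argv);                       /* no shell, no PATH search */
        _exit(127);
    }
    close(fds[1]);
    /* parent: drain the pipe so the child never blocks; keep what fits */
    char chunk[256]; ssize_t r; size_t n = 0;
    while ((r = read(fds[0], chunk, sizeof chunk)) > 0) {
        size_t room = outsz - 1 - n;
        size_t take = (size_t)r < room ? (size_t)r : room;
        memcpy(out + n, chunk, take); n += take;
    }
    out[n] = '\0';
    close(fds[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) == -1) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* What svp's popen() line becomes: gs by absolute path (assumed /usr/bin/gs),
 * the filename as its own argv element, never interpolated into a command. */
static const char *GS_PATH = "/usr/bin/gs";
int view_with_gs(const char *filename, char *out, size_t outsz)
{
    char *const argv[] = {"gs", "-dBATCH", "-dNOPAUSE", "-dSAFER",
                          "-sDEVICE=nullpage", (char *)filename, NULL};
    return run_unprivileged(GS_PATH, argv, out, outsz);
}
```

Because the filename is passed as an argv element, shell metacharacters in it reach gs as literal text instead of being interpreted.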