Hi,
I haven't been watching this discussion closely, but here are some
comments that might be of help:
On Fri, Aug 26, 2011 at 11:07:20AM +0200, Yves-Alexis Perez wrote:
> Would something like:
>
> diff --git a/src/dmrc.c b/src/dmrc.c
> index bff1da8..9f38faf 100644
> --- a/src/dmrc.c
> +++ b/sr
(dropping oss-sec in order to not be too noisy)
On ven., 2011-08-26 at 10:58 +0200, Yves-Alexis Perez wrote:
> > You probably don't take into account the chown() that happens in lightdm.
> > Just unlink the created ~/.dmrc or ~/.Xauthority files after creation and
> > make a symlink to /etc/p
On ven., 2011-08-26 at 10:58 +0200, Yves-Alexis Perez wrote:
> > However I didn't dig deep enough into it to write an exploit as I don't have
> > a working lightdm setup. The correct behavior is to temporarily drop
> > euid/fsuid to that of the user if doing anything with his files.
>
> Yeah, I
Hi,
You probably don't take into account the chown() that happens in lightdm.
Just unlink the created ~/.dmrc or ~/.Xauthority files after creation and make
a symlink to /etc/passwd to chown it to yourself.
However I didn't dig deep enough into it to write an exploit as I don't have
a working light
On ven., 2011-08-26 at 10:43 +0200, Sebastian Krahmer wrote:
> Hi,
>
> You probably don't take into account the chown() that happens in lightdm.
> Just unlink the created ~/.dmrc or ~/.Xauthority files after creation and
> make a symlink to /etc/passwd to chown it to yourself.
The chown will be
On mer., 2011-08-24 at 20:55 +0200, Yves-Alexis Perez wrote:
> And, out of curiosity, how would you achieve privilege escalation? You
> should be able to erase/rewrite arbitrary files, including /etc/shadow,
> but you don't really have control on what's written there.
In gdm (CVE-2011-0727 I gues
On mer., 2011-08-24 at 18:56 +0200, Yves-Alexis Perez wrote:
> On mer., 2011-08-24 at 18:33 +0200, Moritz Muehlenhoff wrote:
> > Sebastian Krahmer posted the following to oss-security:
> >
> > ---
> >
> > From: Sebastian Krahmer
> > To: oss-secur...@lists.openwall.com
> > Cc: robert.anc...@canoni
On mer., 2011-08-24 at 18:33 +0200, Moritz Muehlenhoff wrote:
> Sebastian Krahmer posted the following to oss-security:
>
> ---
>
> From: Sebastian Krahmer
> To: oss-secur...@lists.openwall.com
> Cc: robert.anc...@canonical.com
> Subject: [oss-security] lightdm issues
>
> Hi,
>
> lightdm (0.9.2
Package: lightdm
Severity: grave
Tags: security
Sebastian Krahmer posted the following to oss-security:
---
From: Sebastian Krahmer
To: oss-secur...@lists.openwall.com
Cc: robert.anc...@canonical.com
Subject: [oss-security] lightdm issues
Hi,
lightdm (0.9.2) which aims to be a xdm replacement