From: Richard B. <bo...@bo...> - 2002-07-12 08:18:08
In case you didn't know - there's a flap this week about a security hole in artsd. There's an advisory somewhereorother but I haven't investigated too far. The big guns seem to appear momentarily to wag their fingers and then they disappeared. I'm sure there'll be more to follow though.

B

---------- Forwarded Message ----------

Subject: artswrapper defanged
Date: Fri, 12 Jul 2002 00:27:02 +0100
From: Rik Hemsley <ri...@kd...>
To: kde...@kd..., kde...@kd...

I have modified arts/soundserver/Makefile.am to stop it installing artswrapper suid and also stop asking the user to do so themselves if it fails.

I have also modified artswrapper.c to stop trying to raise its own priority, in case someone does make the binary suid.

I made these changes as a temporary measure until the denial of service vulnerability is fixed.

I'm also a bit worried about other potential denial of service attacks appearing in the future. Is it true that all of artsd is running with raised priority? Is it not then simple to create an attack which exploits a similar vulnerability?

Rik

--
http://rikkus.info

-------------------------------------------------------

--
http://www.all-day-breakfast.com/rosegarden
http://www.bownie.com