Bugtraq mailing list archives
Re: Linux GNOME exploit
From: msw () REDHAT COM (Matt Wilson)
Date: Mon, 27 Sep 1999 18:21:50 -0400
On Mon, Sep 27, 1999 at 04:35:50PM -0500, Brock Tellier wrote:
We may be missing the point here. This isn't necessarily a nethack or RH 6.0 vulnerability, it is a GNOME vulnerability and nothing more. The "redhat" and "nethack" names were purely for demonstration purposes. If Red Hat is concerned about losing face over an vulnerability like this, perhaps they should consult those who package Mandrake as "Red Hat Linux 6.0 with enhancements" and ship it with /etc/redhat-release.
We can not take credit OR blame for those enhancements - including nethack - that MandrakeSoft adds to Red Hat Linux. /etc/redhat-release remains for compatibility, as does the RedHat link on the CD-ROM images. Linux Mandrake 6.1 was released before Red Hat Linux 6.1 anyway, so they can't brand the next version as "Red Hat Linux 6.1 with enhancements." You said, "I tried it on (the irony) /usr/games/nethack, which is SGID root by default on RH6.0." This is a false statement. We do not loose face, you do by making utterly false claims. We do not ship any GNOME programs with setuid/gid bits that give anything more than 'games' group access and 'wtmp' group access (which is gnome-pty-helper, not a full GNOME application, therefore immune to your reported bug). So, my point: You can not use your exploit on GNOME applications as shipped in Red Hat Linux 6.0 to gain extra privileges beyond the current user privileges that allow you to do anything beyond changing your high score in gnomine. Matt msw () redhat com
Current thread:
- Linux GNOME exploit Brock Tellier (Sep 23)
- Re: Linux GNOME exploit Alan Cox (Sep 27)
- Re: Linux GNOME exploit Brock Tellier (Sep 27)
- Re: Linux GNOME exploit Matt Wilson (Sep 27)
- Re: Linux GNOME exploit Ron DuFresne (Sep 29)
- Re: Linux GNOME exploit Slackware Security Team (Sep 29)
- Multiple Vendor ARCAD permission problems Brock Tellier (Sep 29)
- Re: Linux GNOME exploit Chmouel Boudjnah (Sep 27)
- <Possible follow-ups>
- Re: Linux GNOME exploit Elliot Lee (Sep 27)
- Re: Linux GNOME exploit Adam Sampson (Sep 28)
- Re: Linux GNOME exploit Thomas Biege (Sep 28)