Vulnerability Development mailing list archives
Re: possible gnome remote overflow
From: kay () PHREEDOM ORG (kay)
Date: Wed, 20 Oct 1999 13:42:20 +0300
On Tue, Oct 19, 1999 at 01:58:17AM +0000, Crispin Cowan wrote:
> Ryan Permeh wrote:
> > This will crash an open X session, even from remote. I do not know a lot about gnome, but I do know X sessions crashing is generally regarded as a "Bad Thing". I poked at the code a bit, but couldn't find the piece where this is likely happening.

I'm not a GNOME guru either, but:

The program you refer to as gnome-ses is actually gnome-session, and it is responsible for managing users' sessions (e.g. saving information about active tasks, desktop geometry etc., on logout and restore everything on the next logon).

Next, I failed to reproduce this on Debian Potato (unstable, upgraded up to 19 Oct 1999) using:

Linux kernel 2.2.12 + OpenWall ow6 patch
GNOME October Release
GNU libc 2.1.2
XFree86 3.3.5

First as a normal user I started a GNOME session using gdm (GNOME replacement for xdm).

# dpkg -l libc6 gnome-session xlib6g gdm
[snip]
ii  libc6          2.1.2-5         GNU C Library: Shared libraries and timezone
ii  gnome-session  1.0.53-2        The Gnome Session Manager
ii  xlib6g         3.3.5-1         shared libraries required by X clients
ii  gdm            2.0-0.beta4.2   GNOME Display Manager

# lsof -i | grep gnome
gnome-ses  764 kay  3u  inet  1054  TCP *:1029 (LISTEN)
gnome-nam  828 kay  4u  inet  1295  TCP *:1039 (LISTEN)
gnomepage  839 kay  5u  inet  1370  TCP *:1042 (LISTEN)

# dd if=/dev/urandom count=1048576 ibs=1024 | nc localhost 1029
[...]

Nothing happened, GNOME was running just fine during and after my flooding.

> If X and Gnome were StackGuarded, then you might get a present in your syslog telling you the name of the function containing the smashed buffer:
>
>   * if the buffer was an auto variable
>   * and if the function containing the buffer tried to return *before* the core dump happened

Really neat features, IMHO.

> Conversely, if someone can point us at an easy to recompile-from-source pile of source RPMs for the necessary Gnome components, then we might take a poke at it.

I think the GNOME distribution includes SRPMs as well as tarballs?

Regards,
--
key ID: 1024D/F00A7E3F (DSS)
user ID: kay <kay () phreedom org>
fingerprint: DDCC 1A8C 30C5 8C7B C7E3 8808 02C3 1A5D F00A 7E3F
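
Added example, not part of the original post and not StackGuard's own code: a simplified C model of the two conditions quoted above, showing that a canary check only reports an overflow when the buffer is an auto variable in the frame and the function reaches its return before crashing. The frame layout, the canary constant, the return address value and the log text are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY 0x5a17c0deU   /* arbitrary constant, constructed for this model */

/* Model of one stack frame: auto buffer, then canary, then return address. */
struct frame {
    char     buf[16];
    uint32_t canary;
    uint32_t ret_addr;
};

enum outcome { RETURNED_OK, SMASH_LOGGED, CRASHED_BEFORE_RETURN, NOT_DETECTED };

/* auto_buf:      1 = buffer lives in the frame, 0 = buffer lives elsewhere
 * crashes_first: 1 = the corrupted data is used and faults before the return */
enum outcome run_call(const unsigned char *in, size_t n, int auto_buf, int crashes_first)
{
    struct frame f = { {0}, CANARY, 0x08048000u };   /* constructed values */
    unsigned char elsewhere[sizeof f] = {0};         /* stands in for a non-auto buffer */
    unsigned char *dst = auto_buf ? (unsigned char *)&f : elsewhere;

    if (n > sizeof f) n = sizeof f;        /* keep the model itself in bounds */
    memcpy(dst, in, n);                    /* the unchecked copy being modelled */

    if (crashes_first && n > sizeof f.buf)
        return CRASHED_BEFORE_RETURN;      /* core dump: the epilogue check never runs */
    if (f.canary != CANARY) {              /* epilogue check, done just before returning */
        fprintf(stderr, "canary changed in %s\n", __func__);  /* constructed log text */
        return SMASH_LOGGED;
    }
    return (n > sizeof f.buf) ? NOT_DETECTED : RETURNED_OK;
}

int main(void)
{
    unsigned char in[sizeof(struct frame)];
    memset(in, 'A', sizeof in);            /* constructed oversized input */

    printf("auto buffer, returns:      %d\n", run_call(in, sizeof in, 1, 0));
    printf("non-auto buffer:           %d\n", run_call(in, sizeof in, 0, 0));
    printf("auto buffer, crashes first: %d\n", run_call(in, sizeof in, 1, 1));
    printf("input fits:                %d\n", run_call(in, 8, 1, 0));
    return 0;
}
```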