artswrapper defanged
Rik Hemsley
rik at kde.org
Fri Jul 12 00:27:02 BST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have modified arts/soundserver/Makefile.am to stop it installing
artswrapper suid and also stop asking the user to do so themselves
if it fails.
I have also modified artswrapper.c to stop trying to raise its own
priority, in case someone does make the binary suid.
I made these changes as a temporary measure until the denial
of service vulnerability is fixed.
I'm also a bit worried about other potential denial of service
attacks appearing in the future. Is it true that all of artsd
is running with raised priority ? Is it not then simple to create
an attack which exploits a similar vulnerability ?
Rik
- --
http://rikkus.info
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9LhRG6rehpl6X9l0RAm5RAKCOIPr5a9sFESRqmnqRDZQ4A+zWhACZAUX9
8eOHEbGMySVfofHGUeXDTjw=
=bqXt
-----END PGP SIGNATURE-----
More information about the kde-core-devel
mailing list