artswrapper defanged

Rik Hemsley rik at kde.org
Fri Jul 12 00:27:02 BST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have modified arts/soundserver/Makefile.am to stop it installing
artswrapper suid and also stop asking the user to do so themselves
if it fails.

I have also modified artswrapper.c to stop trying to raise its own
priority, in case someone does make the binary suid.

I made these changes as a temporary measure until the denial
of service vulnerability is fixed.

I'm also a bit worried about other potential denial of service
attacks appearing in the future. Is it true that all of artsd
is running with raised priority ? Is it not then simple to create
an attack which exploits a similar vulnerability ?

Rik

- -- 
http://rikkus.info
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9LhRG6rehpl6X9l0RAm5RAKCOIPr5a9sFESRqmnqRDZQ4A+zWhACZAUX9
8eOHEbGMySVfofHGUeXDTjw=
=bqXt
-----END PGP SIGNATURE-----





More information about the kde-core-devel mailing list