artswrapper defanged
Waldo Bastian
bastian at kde.org
Fri Jul 12 01:29:08 BST 2002
On Thursday 11 July 2002 04:27 pm, Rik Hemsley wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have modified arts/soundserver/Makefile.am to stop it installing
> artswrapper suid and also stop asking the user to do so themselves
> if it fails.
>
> I have also modified artswrapper.c to stop trying to raise its own
> priority, in case someone does make the binary suid.
I don't think that's necassery. It is ok if someone wants to run artswrapper
suid as long as they are aware of the implications. The problem is that by
shipping it with suid by default people end up with a DOS vulnerability
without being aware of it.
Cheers,
Waldo
--
bastian at kde.org | SuSE Labs KDE Developer | bastian at suse.com
More information about the kde-core-devel
mailing list