vulnerability fixed
Alexander Neundorf
alexander.neundorf at gmx.net
Thu Oct 31 22:59:05 GMT 2002
Hi,
there was a vulnerability in kdenetwork/lanbrowsing/lisa/ running in restricted
mode (reslisa), which enabled a local root exploit. I fixed it immediately as
it was reported to me.
Does sun_path have the same size on every system?
It's 108 bytes on my box, but Google also told me something about 64 bytes.
Any reliable information?
Patch attached, already committed.
Bye
Alex
--- netmanager.cpp 2002/02/02 10:30:58 1.14
+++ netmanager.cpp 2002/10/31 22:45:43
@@ -131,14 +131,25 @@ int NetManager::prepare()
m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, 0);
//m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, IPPROTO_TCP);
MyString socketName("/tmp/resLisa-");
- socketName+=getenv("LOGNAME");
+ char *logname=getenv("LOGNAME");
+ if (strlen(logname)>60)
+ {
+ std::cout<<"NetManager::prepare: your logname \""<<logname<<"\" is
longer than 60 characters, exiting."<<std::endl;
+ return 0;
+ }
+ socketName+=logname;
::unlink(socketName.data());
sockaddr_un serverAddr;
// bzero((char*)&serverAddr, sizeof(serverAddr));
memset((void*)&serverAddr, 0, sizeof(serverAddr));
serverAddr.sun_family = AF_LOCAL;
strcpy(serverAddr.sun_path,socketName.data());
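Review bot: the new `char *logname=getenv("LOGNAME");` line passes the result straight to `strlen(logname)` without a NULL check, so an unset LOGNAME dereferences a null pointer in this process. Test for NULL (and an empty value) before the length check and bail out the same way. The literal 60 is also tied to one platform: "/tmp/resLisa-" is 13 characters, so a 60-character name needs 74 bytes including the terminator, which fits a 108-byte sun_path but not the 64-byte size mentioned in the message. Comparing the length of the finished socketName against `sizeof(serverAddr.sun_path)` would hold on any system, and it would let the unchanged `strcpy(serverAddr.sun_path,socketName.data());` be replaced with a bounded copy so the buffer is guarded at the point of the write instead of by a distant check. The early `return 0;` also leaves m_listenFD open, since the socket is created just above it; close it before returning.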