artswrapper defanged
Neil Stevens
neil at qualityassistant.com
Fri Jul 12 07:49:25 BST 2002
On Thursday July 11, 2002 04:27, Rik Hemsley wrote:
> I have modified arts/soundserver/Makefile.am to stop it installing
> artswrapper suid and also stop asking the user to do so themselves
> if it fails.
Changing the default install permissions is reasonable.
> I have also modified artswrapper.c to stop trying to raise its own
> priority, in case someone does make the binary suid.
>
> I made these changes as a temporary measure until the denial
> of service vulnerability is fixed.
It's not a vulnerability, it's an intentional feature.
> I'm also a bit worried about other potential denial of service
> attacks appearing in the future. Is it true that all of artsd
> is running with raised priority? Is it not then simple to create
> an attack which exploits a similar vulnerability?
Yes, artsd can run with a higher priority. The artswrapper for realtime
has been in KDE since before the 1.90 prerelease, and it's been in
KControl since at least KDE 2.1. The capability to run 200
mpeglibartsplays and take down the whole system has always been there.
There's no sudden need to remove the functionality, though. KDE doesn't
just run on systems with untrusted users. It also runs on single-user
systems. The two types of system have different security situations:
different threat models, and different needed functionality. Multiuser
systems sometimes need the "kiosk" lockdown of functionality, but single
user systems do not. Applying the same threat model to all systems isn't
security. It's a distraction from security, and only results in a removal
of useful features.
So I ask that you revert two parts of your commit: The part removing the
warning that suid root is needed for realtime, and the part unconditionally
removing the realtime grab. Or instead, perhaps, add a configure option
that both turns on the ifdef, the warning, and the grab of the suid bit.
thanks,
--
Neil Stevens - neil at qualityassistant.com
"I always cheer up immensely if an attack is particularly wounding
because I think, well, if they attack one personally, it means they
have not a single political argument left." - Margaret Thatcher
More information about the kde-multimedia
mailing list
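Added example, not part of the thread and not the artswrapper source: a minimal set-user-ID wrapper in which the realtime grab is compiled in only when a build option asks for it, and root is dropped permanently before the wrapped program is executed. `WRAPPER_REALTIME`, `grab_realtime`, `drop_privileges` and `wrapper_prepare` are hypothetical names chosen for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if SCHED_FIFO was obtained, 0 otherwise. Without the
 * (hypothetical) WRAPPER_REALTIME build flag no attempt is made at all. */
static int grab_realtime(void)
{
#ifdef WRAPPER_REALTIME
    struct sched_param sp;
    memset(&sp, 0, sizeof sp);
    sp.sched_priority = sched_get_priority_min(SCHED_FIFO);
    if (sched_setscheduler(0, SCHED_FIFO, &sp) == 0)
        return 1;   /* the policy survives the setuid() and exec below */
    fprintf(stderr, "realtime unavailable (%s); wrapper is probably not suid root\n",
            strerror(errno));
#endif
    return 0;
}

/* Permanently return to the invoking user. Returns 0 on success, -1 on failure. */
static int drop_privileges(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (setgid(gid) != 0 || setuid(uid) != 0)   /* group first, then user */
        return -1;
    if (uid != 0 && setuid(0) == 0)             /* root must not be recoverable */
        return -1;
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Everything that needs root happens here, before any user-controlled code. */
int wrapper_prepare(int *realtime)
{
    *realtime = grab_realtime();
    return drop_privileges();
}

int main(int argc, char **argv)
{
    int rt;
    if (wrapper_prepare(&rt) != 0) { perror("drop privileges"); return 1; }
    if (argc < 2) { fprintf(stderr, "usage: %s program [args]\n", argv[0]); return 2; }
    execvp(argv[1], argv + 1);
    perror("execvp");
    return 127;
}
```

Built without `-DWRAPPER_REALTIME`, the binary never raises its priority even if someone installs it suid root; built with the flag, the program it executes keeps SCHED_FIFO after root is dropped, which is the starvation risk the thread is arguing about.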