bug-gnustep

Re: Serious bug in gdomap (from gnustep-base-1.3.3)


From: Pascal Bourguignon
Subject: Re: Serious bug in gdomap (from gnustep-base-1.3.3)
Date: Tue, 2 Jul 2002 12:23:56 +0200 (CEST)

> From: James Kehl <mkehl@gil.com.au>
> Date: Tue, 02 Jul 2002 20:02:56 +1000
> 
> Can I please beg you to make gdomap run as a user other than root by 
> default!?
> 
> I am using gnustep-base-1.3.3 compiled from source; running on RedHat 
> Linux 7.3. Everything is default apart from using flattened paths in 
> gnustep-make.
> 
> Today's problem:
> --
> [shykta@mixmaster shykta]$ id -a
> uid=500(shykta) gid=100(users) groups=100(users),3(sys),20(games)
> [shykta@mixmaster shykta]$ la /etc/passwd
> -rw-r--r--    1 root     root         1592 Jul  2 19:15 /etc/passwd
> [shykta@mixmaster shykta]$ tail -n 1 /etc/passwd
> demouser:x:505:505::/home/demouser:/bin/bash
> [shykta@mixmaster shykta]$ /usr/GNUstep/System/Tools/gdomap -I /etc/passwd
> [shykta@mixmaster shykta]$ tail -n 1 /etc/passwd
> 28812
> --
> 
> That's a very, very bad thing to happen. I'm sure there's even a 
> creative way for an unprivileged user to get root access using this bug.
> 
> I don't want to sound unfriendly (I like GNUstep) but I'm going to wait 
> 7 days for a response to this email, and if I haven't heard from you by 
> then, I'll be thinking about how to disclose this.
> (à la RFPolicy - http://www.wiretrip.net/rfp/policy.html)
> 
> I apologise for the inconvenience!
> 
> James.

Since this mail list is cloned to news://gnu.gnustep.bug, it's already
disclosed. Well, I guess you could pay an ad in the New-York Times to
get a greater audience.

-- 
__Pascal_Bourguignon__                   http://www.informatimago.com/
----------------------------------------------------------------------
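The transcript James quotes is the classic "privileged process writes to a caller-named path" defect: a root-owned daemon opens the file given to `-I` with truncation, so any file on the system can be emptied and overwritten with a pid. The C below is an added illustration written for this archive page, not gdomap's source and not the fix the GNUstep maintainers shipped; the function names, the temp-directory scenario and the `victim` file contents are constructed for the example. It places the unsafe pattern beside a hardened variant that does the open with the invoking user's real uid (so the kernel's ordinary permission check applies), refuses to follow symlinks (`O_NOFOLLOW`) and refuses to clobber an existing file (`O_EXCL`), then runs both against a scratch directory so the difference can be checked.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern (hypothetical illustration, not gdomap's source): the
 * process still carries root's rights and truncates whatever path it was
 * handed before writing its pid. Aimed at /etc/passwd this yields exactly
 * the transcript quoted above. */
int write_pid_unsafe(const char *path, pid_t pid)
{
    FILE *f = fopen(path, "w");          /* "w" means O_TRUNC, as root */
    if (f == NULL)
        return -1;
    fprintf(f, "%d\n", (int)pid);
    fclose(f);
    return 0;
}

/* Hardened variant: open with the *real* user's privileges so the normal
 * permission check applies, never follow a symlink, never overwrite an
 * existing file. Returns 0 on success, -1 with errno set otherwise. */
int write_pid_safe(const char *path, pid_t pid)
{
    uid_t real_uid = getuid();
    uid_t saved_euid = geteuid();
    int fd, saved_errno;
    char buf[32];
    int n, ok;

    if (seteuid(real_uid) != 0)          /* drop to the invoking user */
        return -1;
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    saved_errno = errno;
    if (seteuid(saved_euid) != 0) {      /* always restore, even on failure */
        if (fd >= 0) close(fd);
        return -1;
    }
    if (fd < 0) {
        errno = saved_errno;
        return -1;
    }
    n = snprintf(buf, sizeof buf, "%d\n", (int)pid);
    ok = (n > 0 && write(fd, buf, (size_t)n) == n);
    close(fd);
    return ok ? 0 : -1;
}

/* Reads a pid back from a file; returns -1 if no number is there. */
long read_pid_file(const char *path)
{
    FILE *f = fopen(path, "r");
    long v = -1;
    if (f == NULL)
        return -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* Constructed scenario in a private scratch directory (no real system file
 * is touched): a pre-existing "victim" file must survive the safe writer
 * and must NOT survive the unsafe one. Returns 0 when every check holds. */
int run_demo(void)
{
    static const char victim_line[] = "demouser:x:505:505::/home/demouser:/bin/bash\n";
    char dir[] = "/tmp/pidfile_demo_XXXXXX";
    char victim[64], fresh[64];
    struct stat st;
    FILE *f;
    int rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh.pid", dir);

    f = fopen(victim, "w");
    if (f == NULL) goto out;
    fputs(victim_line, f);
    fclose(f);

    /* 1. Safe writer refuses the existing file (EEXIST) and leaves it intact. */
    if (write_pid_safe(victim, getpid()) != -1 || errno != EEXIST) goto out;
    if (stat(victim, &st) != 0 || st.st_size != (off_t)strlen(victim_line)) goto out;
    /* 2. Safe writer creates a brand-new file and the pid reads back. */
    if (write_pid_safe(fresh, getpid()) != 0) goto out;
    if (read_pid_file(fresh) != (long)getpid()) goto out;
    /* 3. Unsafe writer clobbers the victim: this is the reported bug. */
    if (write_pid_unsafe(victim, getpid()) != 0) goto out;
    if (read_pid_file(victim) != (long)getpid()) goto out;
    rc = 0;
out:
    unlink(victim);
    unlink(fresh);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("demo %s\n", run_demo() == 0 ? "passed" : "FAILED");
    return 0;
}
```

Dropping the effective uid is the part that matters most: with it in place the kernel refuses the open of a root-owned `/etc/passwd` on the user's behalf, and `O_EXCL`/`O_NOFOLLOW` additionally stop the pid file from being used to truncate or redirect into anything that already exists. Running such a daemon as an unprivileged account from the start, as James asks for, removes the problem class entirely rather than patching one option.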
