[12029] in bugtraq
Re: Linux GNOME exploit
daemon@ATHENA.MIT.EDU (Matt Wilson)
Tue Sep 28 14:31:20 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990927182150.N31663@devserv.devel.redhat.com>
Date: Mon, 27 Sep 1999 18:21:50 -0400
Reply-To: Matt Wilson <msw@REDHAT.COM>
From: Matt Wilson <msw@REDHAT.COM>
X-To: Brock Tellier <btellier@webley.com>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <062301bf0930$449ddda0$3177a8c0@webley>; from Brock Tellier on
Mon, Sep 27, 1999 at 04:35:50PM -0500
On Mon, Sep 27, 1999 at 04:35:50PM -0500, Brock Tellier wrote:
> We may be missing the point here. This isn't necessarily a nethack
> or RH 6.0 vulnerability, it is a GNOME vulnerability and nothing more.
> The "redhat" and "nethack" names were purely for demonstration purposes.
> If Red Hat is concerned about losing face over an vulnerability like
> this, perhaps they should consult those who package Mandrake as "Red Hat
> Linux 6.0 with enhancements" and ship it with /etc/redhat-release.
We can not take credit OR blame for those enhancements - including
nethack - that MandrakeSoft adds to Red Hat Linux.
/etc/redhat-release remains for compatibility, as does the RedHat link
on the CD-ROM images. Linux Mandrake 6.1 was released before Red Hat
Linux 6.1 anyway, so they can't brand the next version as "Red Hat
Linux 6.1 with enhancements."
You said, "I tried it on (the irony) /usr/games/nethack, which is SGID
root by default on RH6.0." This is a false statement. We do not
loose face, you do by making utterly false claims. We do not ship any
GNOME programs with setuid/gid bits that give anything more than
'games' group access and 'wtmp' group access (which is
gnome-pty-helper, not a full GNOME application, therefore immune to
your reported bug).
So, my point: You can not use your exploit on GNOME applications as
shipped in Red Hat Linux 6.0 to gain extra privileges beyond the
current user privileges that allow you to do anything beyond changing
your high score in gnomine.
Matt
msw@redhat.com
