[14181] in bugtraq

mtr-0.42 is out.

daemon@ATHENA.MIT.EDU (Rogier Wolff)
Tue Mar 7 07:16:50 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id:  <200003040904.KAA27664@cave.bitwizard.nl>
Date:         Sat, 4 Mar 2000 10:04:50 +0100
Reply-To: Rogier Wolff <R.E.Wolff@BITWIZARD.NL>
From: Rogier Wolff <R.E.Wolff@BITWIZARD.NL>
X-To:         mtr@lists.xmission.com, BUGTRAQ@SECURITYFOCUS.COM,
              viktor@DTEK.CHALMERS.SE, syousif@iname.com
To: BUGTRAQ@SECURITYFOCUS.COM

Hi everyone,

In response to Viktor's recent publication that mtr might be
vulnerable to an attack because it didn't fully drop root privileges,
mtr-0.42 is now out.

As usual, most of the patch is due to the fact that I upgraded
auto-something.

I'm pretty confident that an attack WAS possible. (Although I don't
know of ANY exploit in curses, gtk or mtr, I'm confident there is one).

The offending seteuid call has been in the source since version 0.20.
I seem to remember that the setuid that we use now caused problems
(i.e. not working or not compiling) on some platforms, however, I have
no record of any version having setuid, so I must be imagining things.
The setuid there is obviously correct, and what was intended in the
first place.

Plug: mtr is a full-screen combination of ping and traceroute, and
works much faster than traceroute.


				Roger.

--
** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
*       Common sense is the collection of                                *
******  prejudices acquired by age eighteen.   -- Albert Einstein ********
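
The difference between the seteuid call and the setuid call discussed in the message above, as an added example (not code from mtr or from the author): seteuid() changes only the effective UID and leaves the saved set-user-ID as root, so root can be taken back later, while setuid() called as root sets the real, effective and saved UIDs together. The function names, the helper and the target UID 65534 are assumptions made for this illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanent drop for a setuid-root program; call it once the privileged
 * resource (e.g. a raw socket) is open. Abort the program on -1. */
int drop_privs_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    if (setuid(ruid) != 0)          /* as root: real, effective and saved UID */
        return -1;
    if (getuid() != ruid || geteuid() != ruid)
        return -1;
    /* If we held a different effective UID, getting it back must now fail. */
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

/* Hypothetical demonstration helper: in a child process, switch to `target`
 * with seteuid() or setuid(), then try to become root again.
 * Returns 1 if root was regained, 0 if not, -1 if it cannot run here. */
int root_regainable_after(int use_setuid, uid_t target)
{
    int status;
    pid_t pid;
    if (geteuid() != 0)
        return -1;                  /* the demonstration must start as root */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if ((use_setuid ? setuid(target) : seteuid(target)) != 0)
            _exit(2);               /* switch refused (e.g. no CAP_SETUID) */
        _exit(seteuid(0) == 0 ? 1 : 0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 2)
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* 65534 is an assumed unprivileged UID ("nobody" on many systems). */
    printf("root regainable after seteuid: %d\n", root_regainable_after(0, 65534));
    printf("root regainable after setuid:  %d\n", root_regainable_after(1, 65534));
    printf("permanent drop result: %d\n", drop_privs_permanently());
    return 0;
}
```

Run as root, the first line reports 1 and the second 0; run as an ordinary user, both report -1 because the demonstration needs root to start from.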