[4719] in bugtraq
Re: shotgun-1.1b buffer overflow(s)
daemon@ATHENA.MIT.EDU (Alan Cox)
Tue Jun 17 11:14:17 1997
Date: Tue, 17 Jun 1997 09:10:07 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To: dube0866@EUROBRETAGNE.FR
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <2D2571F0.7740A190@eurobretagne.fr> from "PLaGuEZ" at Jan 1, 94 01:52:01 pm
> for those who don't have time to read README files, here is a piece of
> advice about a svgalib-based (=suid root) linux file manager called
> shotgun (release 1.1b, found on sunsite; is there a newer one?).
svgalib programs, while setuid root, drop their setuidness as soon as they
do the SVGA init. On most applications that makes root file exploits
a bit harder. You still get a program with direct video access, which is
enough to do plenty of harm.
Alan
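
The pattern described in the reply above, as an added example that is not part of the original post and is not svgalib's code: a set-uid program does its privileged init, drops privileges permanently, and verifies the drop. `privileged_init()` is a hypothetical stand-in that merely opens `/dev/null`; it shows that whatever was acquired before the drop (for svgalib, direct video access) stays usable afterwards.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>

/* Hypothetical stand-in for the privileged init step. The real svgalib init
 * obtains direct video access; here we only open a descriptor. */
static int privileged_init(void)
{
    return open("/dev/null", O_WRONLY);
}

/* Permanently give up set-uid/set-gid privileges. Returns 0 on success. */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* real ids = the invoking user */
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped, the process may no longer be
     * allowed to change its gid. Every return value is checked. */
    if (setgid(rgid) != 0) return -1;
    if (setuid(ruid) != 0) return -1;

    /* Verify the drop took effect and cannot be undone. */
    if (geteuid() != ruid || getegid() != rgid) return -1;
    if (ruid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* Returns 1 if a resource acquired before the drop is still usable after it,
 * 0 if it is not, -1 if init or the drop itself failed. */
int resource_survives_drop(void)
{
    int fd = privileged_init();
    if (fd < 0) return -1;
    if (drop_privileges() != 0) { close(fd); return -1; }
    int ok = (write(fd, "x", 1) == 1);
    close(fd);
    return ok;
}

int main(void)
{
    int r = resource_survives_drop();
    printf("euid=%ld, resource usable after drop: %d\n", (long)geteuid(), r);
    return r == 1 ? 0 : 1;
}
```

Code that parses user input after the drop runs with the invoking user's file permissions, but still holds whatever the init step obtained, which is the residual risk the reply points out.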