[7503] in bugtraq
Re: Possible root exploit in Linux povray
daemon@ATHENA.MIT.EDU (James Youngman)
Thu Jul 30 17:34:49 1998
Date: Thu, 30 Jul 1998 18:01:52 +0100
Reply-To: James Youngman <JYoungman@VGGAS.COM>
From: James Youngman <JYoungman@VGGAS.COM>
X-To: Dag-Erling Coidan =?ISO-8859-1?Q?Sm=F8rgrav?= <dag-erli@IFI.UIO.NO>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Dag-Erling Coidan =?ISO-8859-1?Q?Sm=F8rgrav's?= message of Wed, 29 Jul 1998 19:40:46
+0200
>>>>> "des" =3D=3D Dag-Erling Coidan Sm=F8rgrav <dag-erli@IFI.UIO.NO> w=
rites:
des> Luke <luke@UTW.COM> writes:
>> In the official (3.02) release of povray for linux, the s-povray
>> binary must be installed suid root to function (complains about
>> not being able to open /dev/console without it).
des> Can somebody please explain to me why a raytracing package
des> needs root privs? Why does it even need access to the console
des> at all? What's wrong with std{in,out,err}?
IIRC, s-povray is the version which displays its result to the SVGA
screen as it goes. It "needs"[1] root privileges in order to call
iopl()/ioperm() so that it can do I/O against the hardware directly.
SVGAlib drops root privileges immediately after its initialisation
function is called, so most programs are insulated from the most
immediate problems, but in some cases this is too late.
IIRC the original poster didn't state if the segmentation fault is
occuring before or after the executable drops its privs.
[1] Yes, I don't like it either. A unified framebuffer or similar
device would be a good idea. The variety of PC hardware is sometimes
a drag.
