[8314] in bugtraq
Re: Root compromise via zgv
daemon@ATHENA.MIT.EDU (Alan Cox)
Tue Oct 27 15:22:23 1998
Date: Tue, 27 Oct 1998 14:08:41 +0000
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To: rafal@MEDIANET.PL
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199810191029.MAA10145@butler.medianet.pl> from "Nergal" at Oct
19, 98 12:29:04 pm
> Answer 1. Besides port access granted by ioperm/iopl, svgalib needs write
> access to /dev/mem to operate. Therefore svgalib keeps an open
> descriptor ( number three usually ) to /dev/mem ( is it true in all cases ?
> can someone confirm that authoritatively ? ). So, we can modify our uid
[It does not need to, its yet another svgalib bug if it does.]
And the answer to svgalib as a whole is 'before installing this package
read back 2 years of bugtraq and tell me why you are installing it'
Alan
