[9814] in bugtraq
Re: Linux /usr/bin/gnuplot overflow
daemon@ATHENA.MIT.EDU (Speed)
Fri Mar 5 00:14:47 1999
Date: Thu, 4 Mar 1999 20:04:49 -0500
Reply-To: Speed <speed@LINUX.DPILINK.COM>
From: Speed <speed@LINUX.DPILINK.COM>
To: BUGTRAQ@NETSPACE.ORG
It is interesting to note that the gnuplot on my system is NOT suid root
(nor have I modified the default installed settings). My version is 3.5
patchlevel 3.50.1.17 (i.e. very old). The distribution is Slackware.
I agree with xnec in that I can see no good reason to make it suid root.
Anyone know why this was done? Anytime a program is going to do this, a
full audit should be made - some people take the suid bit not seriously
enough.
Simply running strings against it should cause someone looking at that
output to feel a bit suspicious.
Granted, the suid bit might be placed by the distribution and not the
program's author.
Finally, thanks to xnec for providing BOTH the exploit and the fix which
is how it should be done on a full disclosure list.
- Speed_D
