Comment 16 for bug 22887

Message-ID: <email address hidden>
Date: Mon, 19 Sep 2005 21:17:10 -0700
From: Steve Langasek <email address hidden>
To: Paul Szabo <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#329156: /usr/sbin/gnome-pty-helper: writes arbitrary utmp records

--ZPt4rx8FFjLCG7dd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Sep 20, 2005 at 11:05:10AM +1000, Paul Szabo wrote:

> >> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
> >> DISPLAY (host) settings. I am not sure if it can be tricked into erasi=
ng
> >> existing records.

> > Why is this filed at severity: critical? What is the attack vector here
> > which permits root privilege escalation?

> I do not know any root escalation methods. When using reportbug, those
> options seemed to fit best, apologies if they were not; please change if
> appropriate. (For future reference: which options should I have used
> instead?)

Hmm... After rereading the definition at
<http://www.debian.org/Bugs/Developer#severities>, I guess there's no reason
for this bug to not fall under the description of 'critical', since the
security hole is present just from the installation of the package.

Cheers,
--=20
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://www.debian.org/

--ZPt4rx8FFjLCG7dd
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDL41GKN6ufymYLloRAkMkAJ9fiz9tp71jQy75hq3MZIvZ4m3soQCeOpBA
y/pXKyUx/P/kXtRPo+6R4C8=
=+Uvm
-----END PGP SIGNATURE-----

--ZPt4rx8FFjLCG7dd--