Comment 2 for bug 22887

Steve,

>> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
>> DISPLAY (host) settings. I am not sure if it can be tricked into erasing
>> existing records.
>
> Why is this filed at severity: critical? What is the attack vector here
> which permits root privilege escalation?

I do not know any root escalation methods. When using reportbug, those
options seemed to fit best, apologies if they were not; please change if
appropriate. (For future reference: which options should I have used
instead?)

(In fact cannot think of any attacks: cannot think of any "important" uses
of utmp/wtmp files. I use utmp in some of my own scripts, that is how I
looked at gnome-tty-helper.)

Cheers, Paul

Paul Szabo <email address hidden> http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia