>> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
>> DISPLAY (host) settings. I am not sure if it can be tricked into erasing
>> existing records.
>
> Why is this filed at severity: critical? What is the attack vector here
> which permits root privilege escalation?
I do not know any root escalation methods. When using reportbug, those
options seemed to fit best, apologies if they were not; please change if
appropriate. (For future reference: which options should I have used
instead?)
(In fact cannot think of any attacks: cannot think of any "important" uses
of utmp/wtmp files. I use utmp in some of my own scripts, that is how I
looked at gnome-tty-helper.)
Steve,
>> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
>> DISPLAY (host) settings. I am not sure if it can be tricked into erasing
>> existing records.
>
> Why is this filed at severity: critical? What is the attack vector here
> which permits root privilege escalation?
I do not know any root escalation methods. When using reportbug, those
options seemed to fit best, apologies if they were not; please change if
appropriate. (For future reference: which options should I have used
instead?)
(In fact cannot think of any attacks: cannot think of any "important" uses
of utmp/wtmp files. I use utmp in some of my own scripts, that is how I
looked at gnome-tty-helper.)
Cheers, Paul
Paul Szabo <email address hidden> http:// www.maths. usyd.edu. au/u/psz/
School of Mathematics and Statistics University of Sydney Australia