Comment 6 for bug 22052

Message-Id: <email address hidden>
Date: Tue, 20 Sep 2005 11:05:10 +1000
From: Paul Szabo <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#329156: /usr/sbin/gnome-pty-helper: writes arbitrary utmp records

Steve,

>> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
>> DISPLAY (host) settings. I am not sure if it can be tricked into erasing
>> existing records.
>
> Why is this filed at severity: critical? What is the attack vector here
> which permits root privilege escalation?

I do not know any root escalation methods. When using reportbug, those
options seemed to fit best, apologies if they were not; please change if
appropriate. (For future reference: which options should I have used
instead?)

(In fact cannot think of any attacks: cannot think of any "important" uses
of utmp/wtmp files. I use utmp in some of my own scripts, that is how I
looked at gnome-tty-helper.)

Cheers, Paul

Paul Szabo <email address hidden> http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia