On Tue, Sep 20, 2005 at 11:05:10AM +1000, Paul Szabo wrote:
> >> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
> >> DISPLAY (host) settings. I am not sure if it can be tricked into erasing
> >> existing records.
> > Why is this filed at severity: critical? What is the attack vector here
> > which permits root privilege escalation?
> I do not know any root escalation methods. When using reportbug, those
> options seemed to fit best, apologies if they were not; please change if
> appropriate. (For future reference: which options should I have used
> instead?)
Hmm... After rereading the definition at
<http://www.debian.org/Bugs/Developer#severities>, I guess there's no reason
for this bug to not fall under the description of 'critical', since the
security hole is present just from the installation of the package.
Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
<email address hidden>                               http://www.debian.org/
Date: Mon, 19 Sep 2005 21:17:10 -0700
From: Steve Langasek <email address hidden>
To: Paul Szabo <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#329156: /usr/sbin/gnome-pty-helper: writes arbitrary utmp records