Re: artswrapper suid?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 25, 2004 at 09:07:10AM -0400, Neal D. Becker wrote:
> Arjan van de Ven wrote:
> 
> > On Mon, Oct 25, 2004 at 05:59:57AM -0700, Barry K. Nathan wrote:
> >> On Mon, Oct 25, 2004 at 02:44:56PM +0200, Arjan van de Ven wrote:
> >> > why would sound stuff need to be setuid root ? the PAM console code
> >> > will make sound devices accessible to local users already.
> >> 
> >> So it can run at realtime scheduling priority?
> > 
> > sounds like a bad idea to me...
> > 
> Why?

I was going to ask that too, but then I Googled and found this:
http://kdenews.unixcode.org/?node=news&action=article;18
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=266760
http://bugs.kde.org/show_bug.cgi?id=88401
http://bugs.kde.org/show_bug.cgi?id=86426

Even if artsd isn't running as root, the fact that it obtains realtime
priority (via a setuid artswrapper) lets it take down the system
(whether with an intentional denial-of-service attack or because of
accidental bugs).

-Barry K. Nathan <barryn@xxxxxxxxx>


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]