On Wed, 12 Jun 2002 13:20:45 -0700 (PDT), "Nathan Carl Summers" <rock@xxxxxxxx> wrote:
> On 12 Jun 2002, Michael Natterer wrote:
> > Yes, the plug-ins are simply forked and thus have the same uid.
> > The patch looks like the right thing to do to me. If nobody objects
> > for some reason, it will be applied to both the stable and unstable
> > trees.
>
> You should put a big notice that there is a security fix in the NEWS file
> for the versions released. Perhaps an announcement to BugTrax would be in
> order, as well.

I don't think that the problem is so serious. It can only be exploited locally and AFAIK it does not open any significant security holes because the shared memory area is only used for exchanging image tiles between the plug-ins and the core. So the only thing that could be done by a local attacker is to insert some nasty stuff in the image that is being processed by a plug-in, assuming that they win the race between the core and the plug-in. The bug should be fixed, but the window of opportunity for malicious uses of this shared memory segment seems to be rather small, so it does not deserve any big announcement.

Unfortunately, I think that fixing this bug may introduce some new problems: some plug-ins may run under a different user id than the main program. For example, xscanimage may be installed with a setuid bit on some systems if this is required in order to access the scanner. I don't know how the real and effective user id are used in this case, but this may prevent the plug-in from running correctly. Also, I think that some old systems (AIX? HP-UX?) had problems with shared memory segments unless they were created with the mode 777. This is very vague and I cannot find any information about that, so maybe this is just a brain fart on my part. In any case, I don't think that we should be too fast in releasing this patch because it may cause more problems than it solves.
We really need more testing and feedback from users of various UN*X systems, especially those who have to run some plug-ins setuid in order to access some special devices or files. -Raphaël
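The pattern under discussion, as an added example that is not part of the thread and not GIMP's own code: a System V tile segment created with mode 777 (the weak form) beside one created owner-only, plus the check a plug-in can run with shmctl(IPC_STAT) before attaching an id it received from the core. The function names (create_tile_segment_weak, create_tile_segment_private, perm_is_private, segment_is_trustworthy, demo_check) are hypothetical. The check compares against the real uid rather than the effective uid so that a setuid plug-in like the xscanimage case Raphaël mentions, whose core ran as the invoking user, still accepts the core's segment.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/stat.h>

/* Example code added to this thread; hypothetical names, not GIMP's implementation. */

/* Weak pattern under discussion: a segment any local user can attach to and write. */
int create_tile_segment_weak(size_t size)
{
    return shmget(IPC_PRIVATE, size, IPC_CREAT | 0777);
}

/* Hardened pattern: owner-only. A plug-in forked by the core shares its uid,
 * so it can still attach; other local users cannot. */
int create_tile_segment_private(size_t size)
{
    return shmget(IPC_PRIVATE, size, IPC_CREAT | IPC_EXCL | 0600);
}

/* Pure check on the permission record: the segment must be created and owned
 * by expected_uid and grant no group/other access. Masking with 0777 strips
 * the status bits (e.g. SHM_DEST on Linux) that some kernels keep in mode. */
int perm_is_private(const struct ipc_perm *p, uid_t expected_uid)
{
    if (p->uid != expected_uid || p->cuid != expected_uid)
        return 0;
    if ((p->mode & 0777) & (S_IRWXG | S_IRWXO))
        return 0;
    return 1;
}

/* Convenience wrapper that builds the permission record from plain values. */
int perm_values_are_private(uid_t owner, uid_t creator, unsigned int mode, uid_t expected_uid)
{
    struct ipc_perm p = {0};
    p.uid = owner;
    p.cuid = creator;
    p.mode = mode;
    return perm_is_private(&p, expected_uid);
}

/* Plug-in side: before shmat() on an id received from the core, stat the
 * segment and verify it. If the core's segment has gone away and another
 * local user created one that reuses the id, the owner check rejects it. */
int segment_is_trustworthy(int shmid, uid_t expected_uid)
{
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) != 0)
        return 0;
    return perm_is_private(&ds.shm_perm, expected_uid);
}

/* Create both kinds of segment and run the check. Returns 1 if the weak one is
 * rejected and the private one accepted, 0 otherwise, -1 if SysV shm is
 * unavailable on this system. */
int demo_check(void)
{
    int weak = create_tile_segment_weak(4096);
    int priv = create_tile_segment_private(4096);
    if (weak < 0 || priv < 0) {
        if (weak >= 0) shmctl(weak, IPC_RMID, NULL);
        if (priv >= 0) shmctl(priv, IPC_RMID, NULL);
        return -1;
    }
    /* For a setuid plug-in the core ran as the real uid, so compare against getuid(). */
    uid_t core_uid = getuid();
    int ok = !segment_is_trustworthy(weak, core_uid) &&
             segment_is_trustworthy(priv, core_uid);
    shmctl(weak, IPC_RMID, NULL);
    shmctl(priv, IPC_RMID, NULL);
    return ok ? 1 : 0;
}

int main(void)
{
    int r = demo_check();
    if (r < 0)
        puts("SysV shared memory unavailable here");
    else
        printf("weak segment rejected, private segment accepted: %s\n", r ? "yes" : "no");
    return r == 1 ? 0 : 1;
}
```

The mode-777 caveat for old systems is left untested here; if a platform really does require it, the IPC_STAT ownership check on the plug-in side is the only part of this that still helps, since any local user could then attach.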