Dear Nekral, Curious way of counting bugs. What do you mean exploitable: to do what? (Surely is_my_tty cannot protect, being buggy itself.)
As I see things, the following bugs are present: - bad selection of utmp entry [often choosing wrong] - is_my_tty uses stat [should be lstat] - is_my_tty compares rdev only [should also test dev ino etc] - maybe is_my_tty should scrutinize path [ensure directory components are root-owned and safe] - race between is_my_tty checks and chown - chown of unsafe path [should be fchown anyway] As things are, it is exploitable to elevate privileges from group utmp to root. It is also buggy, often failing for legitimate use. Fixing all bugs would be best; fixing some may already render it "safe" against exploitation, and/or restore functionality. Please, fix soon. Please change severity. Cheers, Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
