Frank Lichtenheld <[EMAIL PROTECTED]> writes:

> On Tue, Jan 25, 2005 at 08:01:00AM +0100, Goswin von Brederlow wrote:
> [...]
>> Both of them, if exploitable, would be bugs in the Xrm or Xpm library
>> respectively.
>> 
>> The same argument can probably be made against pretty much any X
>> application and X itself. There is a lot of software that just loads
>> in user defined xpm files and such.
>
> The difference is the setgid bit, which AFAICT was the whole point of
> the bug report. If it is removed, most of the issues aren't problematic
> anymore.
>
> Regards,
> -- 
> Frank Lichtenheld <[EMAIL PROTECTED]>
> www: http://www.djpig.de/

But what is one to do? Write an xpm verifier function before loading
the xpm with the xpm library? That's the job of the xpm library to
handle.

The sgid bit just escalates a libxpm bug, but it would still be a
libxpm bug.

The Xrm segfault points at such a bug and should be fixed asap. Maybe
you (Joey) can clone+reassign the bug and add some details, e.g. the
resource file that causes the segfault, a gdb backtrace, ...


I fully agree with the link exploit and that alone is a good reason to
drop the sgid game.

Kind regards
        Goswin

