Date: Tue, 3 Mar 2015 12:45:50 +0100
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Debian / xterm #779397

On Tue, Mar 03, 2015 at 10:06:30AM +0000, Simon McVittie wrote:
> On 03/03/15 09:19, Thomas Dickey wrote:
> > | From: "Kurt Seifried" <kseifried@...hat.com>
> > | 
> > | $ xterm -S/dev/pts/20
> > | *** buffer overflow detected ***: /usr/bin/xterm terminated
> > |
> > | Did this get a CVE? I don't see a DSA for xterm.
> > 
> > no - someone mentioned the problem in an email - nothing more was said
> 
> There's some discussion on the Debian bug about whether this should be
> considered to be a security vulnerability, or just a bug. Not every
> buffer overflow is a vulnerability: it can only be a vulnerability if an
> attacker can trigger it.
> 
> Is there any reason why it would be useful/sensible to pass untrusted
> (pseudo-terminal filename, fd) pairs to the -S option? It seems to me
> that if you're passing partially or entirely attacker-controlled
> filenames to this option, you have probably already lost.

In modern times xterm should not be setuid root, but there might be legacy
systems where it is.

On Linux with /dev/pts and utempter it should not be necessary anymore for 
10+ years.

Ciao, Marcus
