Date: Tue, 3 Mar 2015 12:45:50 +0100
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Debian / xterm #779397

On Tue, Mar 03, 2015 at 10:06:30AM +0000, Simon McVittie wrote:
> On 03/03/15 09:19, Thomas Dickey wrote:
> > | From: "Kurt Seifried" <kseifried@...hat.com>
> > | 
> > | $ xterm -S/dev/pts/20
> > | *** buffer overflow detected ***: /usr/bin/xterm terminated
> > |
> > | Did this get a CVE? I don't see a DSA for xterm.
> > 
> > no - someone mentioned the problem in an email - nothing more was said
> 
> There's some discussion on the Debian bug about whether this should be
> considered to be a security vulnerability, or just a bug. Not every
> buffer overflow is a vulnerability: it can only be a vulnerability if an
> attacker can trigger it.
> 
> Is there any reason why it would be useful/sensible to pass untrusted
> (pseudo-terminal filename, fd) pairs to the -S option? It seems to me
> that if you're passing partially or entirely attacker-controlled
> filenames to this option, you have probably already lost.

In modern times xterm should not be setuid root, but there might be legacy
systems where it is.

On Linux with /dev/pts and utempter it should not be necessary anymore for 
10+ years.

Ciao, Marcus
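
The remark above about legacy systems where xterm is still setuid root can be checked on a given host. The following is an added example, not part of the original thread; the function names, result labels and default directory list are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify the privilege bits on a binary.
# The result labels and the directory list below are this example's assumptions.

# classify_priv PATH
# Prints: missing | none | setuid-root | setuid-nonroot | setgid,
# or a "+"-joined combination such as setuid-root+setgid.
classify_priv() {
    f=$1
    if [ ! -e "$f" ]; then
        echo missing
        return 0
    fi
    result=""
    if [ -u "$f" ]; then
        # Numeric owner of the symlink-resolved file (third field of ls -n).
        owner=$(ls -ldnL -- "$f" | awk '{print $3}')
        if [ "$owner" = "0" ]; then
            result="setuid-root"
        else
            result="setuid-nonroot"
        fi
    fi
    if [ -g "$f" ]; then
        result="${result:+$result+}setgid"
    fi
    echo "${result:-none}"
}

# audit_xterm [DIR...]
# Checks an xterm binary in each directory; returns 1 if any is setuid root.
audit_xterm() {
    [ "$#" -gt 0 ] || set -- /usr/bin /usr/local/bin /usr/X11R6/bin
    status=0
    for dir in "$@"; do
        state=$(classify_priv "$dir/xterm")
        if [ "$state" = "missing" ]; then
            continue
        fi
        echo "$dir/xterm: $state"
        case $state in
            setuid-root*) status=1 ;;
        esac
    done
    return "$status"
}
```

Source the file and run `audit_xterm`, optionally passing the directories to inspect; a non-zero exit status means a setuid-root xterm was found.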
