Date: Tue, 3 Mar 2015 12:45:50 +0100 From: Marcus Meissner <meissner@...e.de> To: oss-security@...ts.openwall.com Subject: Re: Re: Debian / xterm #779397 On Tue, Mar 03, 2015 at 10:06:30AM +0000, Simon McVittie wrote: > On 03/03/15 09:19, Thomas Dickey wrote: > > | From: "Kurt Seifried" <kseifried@...hat.com> > > | > > | $ xterm -S/dev/pts/20 > > | *** buffer overflow detected ***: /usr/bin/xterm terminated > > | > > | Did this get a CVE? I don't see a DSA for xterm. > > > > no - someone mentioned the problem in an email - nothing more was said > > There's some discussion on the Debian bug about whether this should be > considered to be a security vulnerability, or just a bug. Not every > buffer overflow is a vulnerability: it can only be a vulnerability if an > attacker can trigger it. > > Is there any reason why it would be useful/sensible to pass untrusted > (pseudo-terminal filename, fd) pairs to the -S option? It seems to me > that if you're passing partially or entirely attacker-controlled > filenames to this option, you have probably already lost. In modern times xterm should not be setuid root, but there might be legacy systems where it is. On Linux with /dev/pts and utempter it should not be necessary anymore for 10+ years. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.