[KDE Dot News]


  Security: Potential Local Root Exploit (Artswrapper)
KDE Official News Posted by Dre on Sunday 07/Jul/2002, @22:22
from the make-it-safe-now dept.
A possible local root exploit affecting all versions of artswrapper (introduced in KDE 2 pre-releases) was posted late Sunday to some of the well-known security websites. The exploit only affects installations which have installed artswrapper setuid "root". A patch (GPG signature) against KDE 3.0.2 was released almost immediately (thanks to George Staikos and Dirk Mueller), and new packages are being built. In the meantime, it is strongly recommended that system administrators unset the setuid bit on artswrapper (e.g., chmod ug-s artswrapper), particularly on multi-user machines. More details, as they arise, will be posted to the KDE 3.0.2 Info Page.

Update: 07/08 19:25:49 by N: There appears to be some confusion as to whether this is a real exploit or not. The patch has currently been retracted, so stay tuned for updates. As usual, those of you who wish to err on the side of caution simply have to remove the setuid bit on artswrapper.
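
The interim mitigation above (chmod ug-s on artswrapper), written as a repeatable audit; this is an added example, not part of the original article or of KDE's own tooling. The function names, the DRY_RUN variable and the idea of passing the install prefixes as arguments are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the KDE advisory. Assumption: the directories to
# search (e.g. a KDE install prefix) are given as arguments.
# DRY_RUN=1 reports findings without changing any file.

# Succeeds if FILE carries the setuid or setgid bit.
has_setid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# harden_artswrapper DIR...
# Sets FOUND (files with setuid/setgid) and CHANGED (files fixed).
# Returns 1 if any bit could not be cleared.
harden_artswrapper() {
    FOUND=0 CHANGED=0 hw_rc=0
    hw_list=$(mktemp) || return 2
    for hw_dir in "$@"; do
        if [ -d "$hw_dir" ]; then
            # -type f skips symlinks, -xdev stays on one filesystem
            find "$hw_dir" -xdev -type f -name artswrapper -print
        fi
    done > "$hw_list"
    while IFS= read -r hw_f; do
        if ! has_setid "$hw_f"; then
            echo "ok      $hw_f"
            continue
        fi
        FOUND=$((FOUND + 1))
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "setid   $hw_f"
        elif chmod ug-s "$hw_f" && ! has_setid "$hw_f"; then
            # Re-check after chmod so a silent failure is not reported as fixed
            echo "fixed   $hw_f"
            CHANGED=$((CHANGED + 1))
        else
            echo "FAILED  $hw_f" >&2
            hw_rc=1
        fi
    done < "$hw_list"
    rm -f "$hw_list"
    return "$hw_rc"
}

if [ "$#" -gt 0 ]; then
    harden_artswrapper "$@"
fi
```

Run it once with DRY_RUN=1 to see which copies carry the bit, then again without it to clear them; package upgrades can reinstall the binary with the bit set, so the check is worth repeating afterwards.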



The Fine Print: The following comments are owned by whomever posted them.

Irony
by Daniel Stone on Monday 08/Jul/2002, @03:16
The quote that came up as I looked at this story was:
"Security is not optional." -Waldo Bastian
Link to patch?
by topace on Monday 08/Jul/2002, @06:00
The link to the patch file is 404. Or, maybe I'm jumping the gun and I actually read the story before the patch got uploaded :)

topace
What changes without suid root?
by jmalory on Monday 08/Jul/2002, @10:35
What happens if I remove the suid bit? Does it still function properly? If so, what was the point of having it suid root in the first place?
  • Re: What changes without suid root?
    by Navindra Umanee on Monday 08/Jul/2002, @11:02
    I think it was there so that arts could obtain real-time privileges if requested by the user. Otherwise, assuming arts has access to the sound device, I assume it should work fine.
    • Re: What changes without suid root?
      by Evan "JabberWokky" E. on Monday 08/Jul/2002, @11:50
      A user cannot normally raise the execution priority of a process under Linux beyond a certain point. For things like sounds, you want them to sync perfectly, and you (hopefully) know that they only have a certain system load, so it's nice to have them at a very high execution priority (pun intended).

      Note that many other OSes have fine-grained security systems, which allow you to give a process the rights to change its priority without being able to do anything else (like change passwords for root). There has been talk that Linux will be getting progressively more fine-grained security in the future, and some of the 2.5.x work is being done with an eye towards that.

      Remember, this is only a security risk if you have people you don't trust using your system (either at the console or via telnet or ssh), and even then, it's theoretical, and may not even exist. For the majority of desktop users, this is not a concern, and most servers don't even have monitors, let alone soundcards or a desktop.

      --
      Evan
      • Re: What changes without suid root?
        by Carbon on Tuesday 09/Jul/2002, @09:23
        Such fine-grained security already exists in Linux to some degree. In particular, take a look at some of the more secure chroot systems: within a chroot jail, it's important to deny the chroot system call to a root user or they can easily break out. I think it's really just a matter, at this point, of making it more fine grained. Then again, I'm not a kernel developer, so just ignore me. :-)
        • Re: What changes without suid root?
          by me on Thursday 11/Jul/2002, @05:05
          Of course, Linux kernel since 2.something allows using capabilities. Except that nothing uses it, because "it is not portable to other systems".
bug/traq ?
by ksh on Saturday 09/Nov/2002, @05:59
Where can I find information about that bug?!
Haven't seen anything on bugtraq

  "Ok guys, I'll implement focus-follows-mind next time and ship a magic patch." -- Matthias Ettrich
KDE®, "K Desktop Environment", "KDE Dot News", "got the dot?" and the KDE Logo® are trademarks or registered trademarks of KDE e.V. in the European Union, the United States and other countries. All other trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the poster. The rest: Copyright © 2000-2008 KDE e.V. for The KDE Project. For further information or comments on this site, please contact the Webmaster.