Bugs item #1602345, was opened at 2006-11-24 07:48
Message generated for change (Comment added) made by sf-robot
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=478070&aid=1602345&group_id=55736

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: puredata
Group: None
>Status: Closed
Resolution: Fixed
Priority: 5
Private: No
Submitted By: Mathieu Bouchard (matju)
Assigned to: Miller Puckette (millerpuckette)
Summary: security vulnerability, giving root access

Initial Comment:
first configure with --enable-setuid or just chmod 4755 pd && chown root pd, which has the same effect.

then load this external called crack.c by making a [crack] box or -lib crack:

#include <unistd.h>
#include <stdio.h>
void crack_setup (void) {
  seteuid(0);
  fopen("/hax0r","w");
}

An empty file called "hax0r" appears in protected folder "/" even though privileges have been dropped by pd upon startup.

----------------------------------------------------------------------

>Comment By: SourceForge Robot (sf-robot)
Date: 2007-11-19 19:20

Message:
Logged In: YES
user_id=1312539
Originator: NO

This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).

----------------------------------------------------------------------

Comment By: Hans-Christoph Steiner (eighthave)
Date: 2007-11-05 17:01

Message:
Logged In: YES
user_id=27104
Originator: NO

I am pretty sure this is the bug fixed by Miller's 0.40.3 and 0.39.3
releases. Please adjust if I am wrong.

----------------------------------------------------------------------

_______________________________________________
PD-dev mailing list
PD-dev@iem.at
http://lists.puredata.info/listinfo/pd-dev
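
The report shows seteuid(0) succeeding after the startup privilege drop, as happens when only the effective uid is lowered and the saved set-user-ID stays 0. The following is an added example, not pd's code and not the change made in the 0.40.3 / 0.39.3 releases: a sketch of a permanent, verified drop for a setuid-root program on Linux/POSIX. The function names can_regain_root and drop_privileges_permanently are hypothetical.

```c
#define _DEFAULT_SOURCE 1       /* for setgroups() and seteuid() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Probe: 1 if this process can (still) get effective uid 0, else 0. */
int can_regain_root(void)
{
    uid_t euid = geteuid();
    if (euid == 0)
        return 1;
    if (seteuid(0) != 0)
        return 0;               /* EPERM: neither real nor saved uid is 0 */
    if (seteuid(euid) != 0)     /* undo the probe */
        abort();
    return 1;
}

/* Returns 0 after a verified permanent drop to the invoking user,
 * 1 if the real uid is 0 (nothing to drop), -1 on failure. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (ruid == 0)
        return 1;
    /* After a temporary seteuid(ruid), setuid() would change only the
     * effective uid. Take root back first so it resets all three IDs. */
    int is_root = (geteuid() == 0) || (seteuid(0) == 0);
    /* Groups first: changing them needs the privilege we are about to lose. */
    if (is_root && setgroups(1, &rgid) != 0)
        return -1;
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Never trust the return codes alone: confirm root is unreachable. */
    return can_regain_root() ? -1 : 0;
}

int main(void)
{
    int rc = drop_privileges_permanently();
    printf("drop=%d uid=%d euid=%d can_regain_root=%d\n", rc,
           (int)getuid(), (int)geteuid(), can_regain_root());
    return rc < 0;
}
```

The drop has to complete before any external is loaded, since code running inside the process inherits whatever IDs are still reachable.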