I replied to this message already when he posted it to linux-alert IIRC. He didn't reply though, so here's my message again, slightly edited.

I will say that these are some poor bugs. I won't say that they have the wide ranging implications that you imply.

The window manager isn't going to save anyone if someone has access to your display.

Running programs with long argv[0]'s is just another way for a user to shoot themselves in the foot by running a program that is doing something nasty. One more place to put a trojan, but that's about as far reaching as that goes.

The libPropList problem might be a bit bigger as at one time some of GNOME was/is using it.

Buffer overflows are bugs. Lots of them have security implications. Most do not.

Feel free to correct me if you feel I have my facts wrong here or I'm overlooking some implication of the bugs.

Cheers,
Chris

Stan Bubrouski <binat_private> writes:

> Back in June when I was fooling around with some
> programs I was writing, I found a serious buffer overflow in
> WindowMaker 0.60.0 and 0.52, but I assume previous versions
> are vulnerable as well. By replacing argv[0] of a program
> with a string longer than 249 characters, it is possible to
> overflow one of the program's buffers, causing it, and
> possibly X as well, to crash. It is assumed this can be
> exploited remotely if you run an insecure X server. By
> default some distributions of Linux like RedHat come with X
> configured to allow everyone in the outside world access to
> your X-server. Anyway here is the guilty section of code,
> from wdefualts.c:

--
Chris Green <sproutat_private> <grapeapeat_private>
I've had a perfectly wonderful evening. But this wasn't it.
-- Groucho Marx
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:58:55 PDT