> Virtually any program using the GNOME libraries is vulnerable to a > buffer overflow attack. The attack comes in the form: > > /path/to/gnome/prog --enable-sound --espeaker=$80bytebuffer > > The following exploit should work against any GNOME program, though I > tried it on (the irony) /usr/games/nethack, which is SGID root by > default on RH6.0. An attack on any program will look something like > this: (a) Red Hat Linux does not come with nethack. (b) I tried specifying a very long argument to --espeaker, and achieved no success in making anything segfault etc. (esound 0.2.14). (c) GNOME is not designed to be used in setuid root programs. There is too much complexity involved to achieve any assurance of security in any GUI program - untrusted input can be supplied by the X server, environment variables, other file descriptors, and command line args, and processed in difficult-to-audit ways. Developers of ALL GUI programs (not just GNOME ones) should use small helper programs to access higher privilege levels. Here are the programs in RH Rawhide gnome-* packages that attain additional privileges when run: -r-xr-s--x root games 67596 Sep 21 15:38 /usr/bin/gnibbles -r-xr-s--x root games 75900 Sep 21 15:38 /usr/bin/gnobots2 -r-xr-s--x root games 52592 Sep 21 15:38 /usr/bin/gnome-stones -r-xr-s--x root games 71424 Sep 21 15:38 /usr/bin/gnomine -r-xr-s--x root games 26036 Sep 21 15:38 /usr/bin/gnotravex -r-xr-s--x root games 234200 Sep 21 15:38 /usr/bin/gtali -r-xr-s--x root games 24156 Sep 21 15:38 /usr/bin/gturing -r-xr-s--x root games 48444 Sep 21 15:38 /usr/bin/iagno -r-xr-s--x root games 38788 Sep 21 15:38 /usr/bin/mahjongg -r-xr-s--x root games 21268 Sep 21 15:38 /usr/bin/same-gnome -rwxr-sr-x root utmp 8600 Sep 23 15:41 /usr/sbin/gnome-pty-helper The gnome games fork a scores helper, then drop this privilege right away. The helper section has been written with security in mind. gnome-pty-helper has been audited. I conclude that any security problems are caused by incorrect installation of third-party software. -- Elliot http://developer.gnome.org/ The first thing a programmer needs to admit is that any program is by far more complex than his own mind. Thats why he partitions it into neat pieces and avoids complexity.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:32 PDT