Re: Corel Linux 1.0 dosemu default configuration: Local root vuln

From: Pavel Kankovsky (peakat_private)
Date: Sat Mar 04 2000 - 09:11:30 PST


    On Tue, 2 Mar 100 suidat_private wrote:
    
    > 	Local users can take advantage of a packaging and configuration
    > 	error (which has been known and documented for a long time) to
    > 	execute arbitrary commands as root.
    
    I cannot speak for DOSEMU developers but it is my impression you are
    supposed to know what you are doing, what risk you accept (and the risk
    is far from negligible), and the ways the risk can be mitigated ("secure
    on", "dpmi off" (*), /etc/dosemu/users) if you install DOSEMU setuid root,
    and that installing it in this way by default in the name of user-
    friendliness or whatever is a VERY BAD THING. Whether the package includes
    system.com binary or not is irrelevant (**). Yes, I know Corel is not the
    only vendor who is guilty--even if we limit ourselves to Linux distros
    (in fact, the package in question is probably an unmodified Debian
    package).
    
    (*) I wonder whether newer versions of doc/README/SECURITY mention that
    (at least according to what I heard from Hans Lermen) DPMI programs can
    invoke Linux syscalls directly and circumvent any walls DOSEMU itself
    raised to protect itself (unless some incredibly creative protection was
    invented since version 0.97).
    
    (**) As long as a user can make the virtual machine execute arbitrary
    code (I'd like to see a useful installation making this impossible), he
    can create and run his own program calling the problematic subfunction of
    interrupt 0xE6 (or doing other nasty things).
    
    --Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
    "Resistance is futile. Open your source code and prepare for assimilation."
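The mitigations named in the post ("secure on", "dpmi off", /etc/dosemu/users) lend themselves to a quick configuration audit. The script below is an added example written for this archive page; it is not code from the poster, from Corel or from the DOSEMU project. It assumes the classic keyword syntax of dosemu.conf (a bare `secure on` / `dpmi off` line) and a /etc/dosemu/users file listing permitted users where a bare `all` line grants access to everyone; both are assumptions about the 0.9x-era format, so check them against the version actually installed.

```shell
#!/bin/sh
# Added example, not part of the original post: a defender's audit of the
# DOSEMU setuid configuration the message discusses. Assumes the classic
# dosemu.conf keyword syntax ("secure on", "dpmi off") and a users file
# where a bare "all" line admits every user (both assumed).

# check_dosemu_conf FILE
# Prints one line per mitigation; returns 0 only if both "secure on" and
# "dpmi off" are present.
check_dosemu_conf() {
    conf="$1"
    rc=0
    if grep -Eq '^[[:space:]]*secure[[:space:]]+on([[:space:]]|$)' "$conf"; then
        echo "ok: 'secure on' found in $conf"
    else
        echo "WARN: 'secure on' missing in $conf"
        rc=1
    fi
    if grep -Eq '^[[:space:]]*dpmi[[:space:]]+off([[:space:]]|$)' "$conf"; then
        echo "ok: 'dpmi off' found in $conf"
    else
        echo "WARN: 'dpmi off' missing in $conf (DPMI code can bypass DOSEMU's own checks)"
        rc=1
    fi
    return "$rc"
}

# check_users_file FILE
# Returns 0 if the users file exists, is non-empty and does not admit
# everyone via a bare "all" line (the "all" keyword is an assumption).
check_users_file() {
    users="$1"
    if [ ! -s "$users" ]; then
        echo "WARN: $users missing or empty"
        return 1
    fi
    if grep -Eq '^[[:space:]]*all([[:space:]]|$)' "$users"; then
        echo "WARN: $users admits all users to DOSEMU"
        return 1
    fi
    echo "ok: $users restricts DOSEMU to the listed users"
    return 0
}

# find_setuid_dosemu
# Lists setuid-root binaries whose name starts with "dos" (dos, dosemu, ...),
# i.e. the exposure the post is about. Walks the whole root filesystem.
find_setuid_dosemu() {
    find / -xdev -type f -perm -4000 -name 'dos*' 2>/dev/null
}

# Constructed sample files so the checks can be tried without a real
# DOSEMU installation.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'secure off\ndpmi 1024\n' > "$SAMPLE_DIR/weak.conf"
printf '# hardened\nsecure on\ndpmi off\n' > "$SAMPLE_DIR/hardened.conf"
printf 'all\n' > "$SAMPLE_DIR/users.all"
printf 'alice\nbob\n' > "$SAMPLE_DIR/users.restricted"

for f in weak.conf hardened.conf; do
    check_dosemu_conf "$SAMPLE_DIR/$f" || :   # non-zero status = a gap was found
done
for f in users.all users.restricted; do
    check_users_file "$SAMPLE_DIR/$f" || :
done
```

On a real host, point `check_dosemu_conf` at the installed dosemu.conf and `check_users_file` at /etc/dosemu/users, and run `find_setuid_dosemu` to confirm whether the binary is setuid root at all; if it is not, the configuration findings are moot.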
    
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:01 PDT