Re: shotgun-1.1b buffer overflow(s)
Alan Cox (alan@LXORGUK.UKUU.ORG.UK)
Tue, 17 Jun 1997 09:10:07 +0100
> for those who don't have time to read README files, here is a piece of
> advice about a svgalib-based (=suid root) linux file manager called
> shotgun (release 1.1b, found on sunsite; is there a newer one ?).
svgalib programs while setuid root drop their setuidness as soon as they
do the SVGA init. On most applications that makes root file exploits
a bit harder. You still get a program with direct video access, which is
enough to do plenty of harm.
Alan
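
Added example, not part of the original message and not svgalib's own code: a C sketch of the pattern the reply describes, where a setuid-root program does its privileged init, drops root for good, and still holds whatever the init acquired. privileged_init() and the other function names are hypothetical, and /dev/null is a constructed stand-in for the video device.

```c
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the privileged init step (the SVGA init in the
 * message above). /dev/null is a constructed placeholder for the device. */
int privileged_init(void)
{
    return open("/dev/null", O_WRONLY);
}

/* Permanently return to the invoking user's ids. A setuid binary already runs
 * with the caller's supplementary groups, so only gid and uid are reset.
 * Returns 0 on success, -1 on failure (the caller must exit, not carry on). */
int drop_setuid_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: once root is given up, a gid change that needs
     * privilege would no longer succeed. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* With euid 0, setuid() also resets the saved uid, so root must now be
     * unreachable for any caller who was not root to begin with. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    return 0;
}

/* Returns 1 if the resource opened during init is still usable after the
 * drop, 0 if not, -1 if init or the drop failed. */
int init_then_drop(void)
{
    int fd = privileged_init();
    if (fd < 0)
        return -1;
    if (drop_setuid_privileges() != 0) {
        close(fd);
        return -1;
    }
    int usable = (write(fd, "x", 1) == 1);
    close(fd);
    return usable;
}
```

The descriptor opened before the drop stays usable afterwards, which is why input handled after the drop still needs bounds checking even though the process is no longer root.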