Debian bug report logs - #1726
permissions on svgalib utilities

Package: svgalib; Reported by: Austin Donnelly <and1000@cam.ac.uk>; Done: Richard Kettlewell <richard@elmail.co.uk>.

Message received at debian-bugs-done:


From sfere.elmail.co.uk!richard Sun Oct 29 04:50:30 1995
Return-Path: <richard@sfere.elmail.co.uk>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t9XC0-000CLCC; Sun, 29 Oct 95 04:50 PST
Received: from muskogee.elmail.co.uk by pixar.com with SMTP id AA04105
  (5.67b/IDA-1.5 for debian-bugs-done-pipe@mongo.pixar.com); Sun, 29 Oct 1995 04:49:58 -0800
Received: from sfere.elmail.co.uk ([193.116.29.15]) by muskogee.elmail.co.uk
	 with smtp id <m0t9XDE-00033DC@muskogee.elmail.co.uk>
	(Debian /\oo/\ Smail3.1.29.1 #29.33); Sun, 29 Oct 95 12:51 GMT
Received: by sfere.elmail.co.uk
	id <m0t9NRM-0002QuC@sfere.elmail.co.uk>
	(Debian /\oo/\ Smail3.1.29.1 #29.33); Sun, 29 Oct 95 02:25 GMT
Message-Id: <cMAKoy2xi0@sfere.elmail.co.uk>
Date: Sun, 29 Oct 95 02:25:39 +0000 (GMT)
From: Richard Kettlewell <richard@elmail.co.uk>
To: Austin Donnelly <and1000@cam.ac.uk>, debian-bugs-done@Pixar.com
Subject: Re: Bug#1726: permissions on svgalib utilities
In-Reply-To: <Pine.LNX.3.91.951021221347.1971A-100000@valour.pem.cam.ac.uk>
References: <Pine.LNX.3.91.951021221347.1971A-100000@valour.pem.cam.ac.uk>

Austin Donnelly writes:

>Package: svgalib
>Version: 1.25-4
>
>The following programs are installed setuid root:
>  restoretextmode
>  restorefont
>  restorepalette
>  dumpreg
>  fix132x43
>
>This allows any user to completely hose the console at will.
>
>Can I suggest that they be made:
>      -rwsr-x---   1 root     console
>(this requires a new group, console, to be created).

1.28-1 will do exactly this.  I'll test it tomorrow and upload it to
ftp.debian.org then or Monday if all is OK.

-- 
Richard Kettlewell richard@uk.geeks.org http://www.elmail.co.uk/staff/richard/

Notification sent to Austin Donnelly <and1000@cam.ac.uk>:
Bug acknowledged by developer. Full text available.
Reply sent to Richard Kettlewell <richard@elmail.co.uk>:
You have taken responsibility. Full text available.

Message received at debian-bugs:


From cam.ac.uk!and1000 Sat Oct 21 14:23:04 1995
Return-Path: <and1000@cam.ac.uk>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t6lNg-000BEKC; Sat, 21 Oct 95 14:23 PDT
Received: from black.csi.cam.ac.uk by pixar.com with SMTP id AA01932
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Sat, 21 Oct 1995 14:22:38 -0700
Received: from valour.pem.cam.ac.uk [131.111.200.47] (ident = root) 
	by black.csi.cam.ac.uk with smtp 
	(Smail-3.1.29.0 #36) id m0t6lNa-000CCJC; Sat, 21 Oct 95 22:22 BST
Received: by valour.pem.cam.ac.uk
	id m0t6lOK-000z5NC
	(Debian /\oo/\ Smail3.1.29.1 #29.33); Sat, 21 Oct 95 22:23 BST
Date: Sat, 21 Oct 1995 22:23:44 +0100 (BST)
From: Austin Donnelly <and1000@cam.ac.uk>
X-Sender: and1000@valour.pem.cam.ac.uk
To: debian-bugs@pixar.com
Subject: permissions on svgalib utilities
Message-Id: <Pine.LNX.3.91.951021221347.1971A-100000@valour.pem.cam.ac.uk>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


Package: svgalib
Version: 1.25-4

The following programs are installed setuid root:
  restoretextmode
  restorefont
  restorepalette
  dumpreg
  fix132x43

This allows any user to completely hose the console at will.

Can I suggest that they be made:
      -rwsr-x---   1 root     console
(this requires a new group, console, to be created).

Austin

Acknowledgement sent to Austin Donnelly <and1000@cam.ac.uk>:
New bug report received and forwarded. Full text available.
Report forwarded to debian-devel@pixar.com:
Bug#1726; Package svgalib. Full text available.
Ian Jackson / iwj10@thor.cam.ac.uk, with the debian-bugs tracking mechanism
This page last modified 07:43:01 GMT Wed 01 Nov