Debian bug report logs - #1726 permissions on svgalib utilities Package: svgalib ; Reported by: Austin Donnelly ; Done: Richard Kettlewell . ----------------------------------------------------------------------- Message received at debian-bugs-done: From sfere.elmail.co.uk!richard Sun Oct 29 04:50:30 1995 Return-Path: Received: from pixar.com by mongo.pixar.com with smtp (Smail3.1.28.1 #15) id m0t9XC0-000CLCC; Sun, 29 Oct 95 04:50 PST Received: from muskogee.elmail.co.uk by pixar.com with SMTP id AA04105 (5.67b/IDA-1.5 for debian-bugs-done-pipe@mongo.pixar.com); Sun, 29 Oct 1995 04:49:58 -0800 Received: from sfere.elmail.co.uk ([193.116.29.15]) by muskogee.elmail.co.uk with smtp id (Debian /\oo/\ Smail3.1.29.1 #29.33); Sun, 29 Oct 95 12:51 GMT Received: by sfere.elmail.co.uk id (Debian /\oo/\ Smail3.1.29.1 #29.33); Sun, 29 Oct 95 02:25 GMT Message-Id: Date: Sun, 29 Oct 95 02:25:39 +0000 (GMT) From: Richard Kettlewell To: Austin Donnelly , debian-bugs-done@Pixar.com Subject: Re: Bug#1726: permissions on svgalib utilities In-Reply-To: References: Austin Donnelly writes: >Package: svgalib >Version: 1.25-4 > >The following programs are installed setuid root: > restoretextmode > restorefont > restorepalette > dumpreg > fix132x43 > >This allows any user to completely hose the console at will. > >Can I suggest that they be made: > -rwsr-x--- 1 root console >(this requires a new group, console, to be created). 1.28-1 will do exactly this. I'll test it tomorrow and upload it to ftp.debian.org then or Monday if all is OK. -- Richard Kettlewell richard@uk.geeks.org http://www.elmail.co.uk/staff/richard/ ----------------------------------------------------------------------- Notification sent to Austin Donnelly : Bug acknowledged by developer. Full text available. ----------------------------------------------------------------------- Reply sent to Richard Kettlewell : You have taken responsibility. Full text available. ----------------------------------------------------------------------- Message received at debian-bugs: From cam.ac.uk!and1000 Sat Oct 21 14:23:04 1995 Return-Path: Received: from pixar.com by mongo.pixar.com with smtp (Smail3.1.28.1 #15) id m0t6lNg-000BEKC; Sat, 21 Oct 95 14:23 PDT Received: from black.csi.cam.ac.uk by pixar.com with SMTP id AA01932 (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Sat, 21 Oct 1995 14:22:38 -0700 Received: from valour.pem.cam.ac.uk [131.111.200.47] (ident = root) by black.csi.cam.ac.uk with smtp (Smail-3.1.29.0 #36) id m0t6lNa-000CCJC; Sat, 21 Oct 95 22:22 BST Received: by valour.pem.cam.ac.uk id m0t6lOK-000z5NC (Debian /\oo/\ Smail3.1.29.1 #29.33); Sat, 21 Oct 95 22:23 BST Date: Sat, 21 Oct 1995 22:23:44 +0100 (BST) From: Austin Donnelly X-Sender: and1000@valour.pem.cam.ac.uk To: debian-bugs@pixar.com Subject: permissions on svgalib utilities Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Package: svgalib Version: 1.25-4 The following programs are installed setuid root: restoretextmode restorefont restorepalette dumpreg fix132x43 This allows any user to completely hose the console at will. Can I suggest that they be made: -rwsr-x--- 1 root console (this requires a new group, console, to be created). Austin ----------------------------------------------------------------------- Acknowledgement sent to Austin Donnelly : New bug report received and forwarded. Full text available. ----------------------------------------------------------------------- Report forwarded to debian-devel@pixar.com : Bug#1726 ; Package svgalib . Full text available. ----------------------------------------------------------------------- Ian Jackson / iwj10@thor.cam.ac.uk , with the debian-bugs tracking mechanism This page last modified 07:43:01 GMT Wed 01 Nov