Message-ID: <3D8B33D3.80702@snosoft.com>
From: dotslash at snosoft.com (KF)
Subject: Alsasound local b0f (not an issue if not setuid root)

I noticed that it is very common in the troubleshooting of an 
application that uses alsa-sound to set the setuid bit on the binary in 
question. One example of this can be found in the archives of the 
alsaplayer mailing list: 
http://lists.tartarus.org/pipermail/alsaplayer-devel/2002-February/000656.html 
and
http://lists.tartarus.org/pipermail/alsaplayer-devel/2002-February/000657.html

I spoke to the developer of alsasound and he promptly fixed the 
problems. Although he does not condone the setuid bit on the alsasound 
program, the author noted that some users choose to set the bit.

The fixes for the above problem can be found at: 
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/alsaplayer/alsaplayer/app/Main.cpp.diff?r1=1.66&r2=1.67

http://alsaplayer.org/changelog.php3

Wed Sep 18 11:52:43 CEST 2002
-----------------------------
* Code cleanups
* JACK related updates
* commandline buffer overflow fixes.
...


-KF




-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: alsaplayer-suid.c
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20020920/bd20b774/alsaplayer-suid.c
