lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <3D8B33D3.80702@snosoft.com> From: dotslash at snosoft.com (KF) Subject: Alsasound local b0f (not an issue if not setuid root) I noticed that it is very common in the troubleshooting of an application that uses alsa-sound to set the setuid bit on the binary in question. One example of this can be found in the archives of the alsaplayer mailing list: http://lists.tartarus.org/pipermail/alsaplayer-devel/2002-February/000656.html and http://lists.tartarus.org/pipermail/alsaplayer-devel/2002-February/000657.html I spoke to the developer of alsasound and he promptly fixed the problems. Although he does not condone the setuid bit on the alsasound program the author noted that some users choose to set the bit. The fixes for the above problem can be found at: http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/alsaplayer/alsaplayer/app/Main.cpp.diff?r1=1.66&r2=1.67 http://alsaplayer.org/changelog.php3 Wed Sep 18 11:52:43 CEST 2002 ----------------------------- * Code cleanups * JACK related updates * commandline buffer overflow fixes. ... -KF -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: alsaplayer-suid.c Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20020920/bd20b774/alsaplayer-suid.c