On Wed, 12 Jun 2002 13:20:45 -0700 (PDT), "Nathan Carl Summers" <[EMAIL PROTECTED]> wrote:
> On 12 Jun 2002, Michael Natterer wrote:
> > Yes, the plug-ins are simply forked and thus have the same uid.
> > The patch looks like the right thing to do to me. If nobody objects
> > for some reason, it will be applied to both the stable and unstable
> > trees.
> You should put a big notice that there is a security fix in the NEWS file
> for the versions released.  Perhaps an announcement to BugTrax would be in
> order, as well.

I don't think that the problem is so serious.  It can only be
exploited locally and AFAIK it does not open any significant security
holes because the shared memory area is only used for exchanging image
tiles between the plug-ins and the core.  So the only thing that could
be done by a local attacker is to insert some nasty stuff in the image
that is being processed by a plug-in, assuming that they win the race
between the core and the plug-in.  The bug should be fixed, but the
window of opportunity for malicious uses of this shared memory segment
seems to be rather small so it does not deserve any big announcement.

Unfortunately, I think that fixing this bug may introduce some new
problems: some plug-ins may run under a different user id than the
main program.  For example, xscanimage may be installed with a setuid
bit on some systems if this is required in order to access the
scanner.  I don't know how the real and effective user id are used in
this case, but this may prevent the plug-in from running correctly.

Also, I think that some old systems (AIX? HP-UX?) had problems with
shared memory segments unless they were created with the mode 777.
This is very vague and I cannot find any information about that, so
maybe this is just a brain fart on my part.

In any case, I don't think that we should be too fast in releasing
this patch because it may cause more problems than it solves.  We
really need more testing and feedback from users of various UN*X
systems, especially those who have to run some plug-ins setuid in
order to access some special devices or files.

Gimp-developer mailing list
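The thread above turns on the mode bits of the System V shared memory segment used for tile exchange and on whether a forked or setuid plug-in still shares the core's uid. The following is an added illustration, not code from the thread or from GIMP: it creates a segment with the weak 0777 mode beside one with 0600 and uses `shmctl(IPC_STAT)` to check whether the segment is owned by the caller's effective uid and carries no group/other bits. The function names, the 4096-byte size and the 0600 choice are assumptions for the example.

```c
/* Added example (not from the GIMP thread): create a SysV shared memory
 * segment and verify, via IPC_STAT, that only the creating uid can reach it. */
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if the segment is owned by our effective uid and has no
 * group/other permission bits, 0 if another local user could attach,
 * -1 if IPC_STAT fails (e.g. the id is stale or not ours to inspect). */
int shm_segment_is_private(int shmid)
{
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) == -1)
        return -1;
    /* A setuid plug-in would see a different euid here and fail this check. */
    if (ds.shm_perm.uid != geteuid())
        return 0;
    /* Only the low nine bits are permissions; higher bits may carry flags. */
    if (ds.shm_perm.mode & (S_IRWXG | S_IRWXO))
        return 0;
    return 1;
}

/* Create a fresh private segment of `size` bytes with the given mode;
 * returns the shmid or -1 on failure.  IPC_PRIVATE means no key reuse. */
int create_tile_segment(size_t size, int mode)
{
    return shmget(IPC_PRIVATE, size, IPC_CREAT | IPC_EXCL | (mode & 0777));
}

int main(void)
{
    int weak = create_tile_segment(4096, 0777);   /* the world-writable setting */
    int safe = create_tile_segment(4096, 0600);   /* owner-only, what a fix enforces */
    if (weak == -1 || safe == -1) {
        perror("shmget");
        return 1;
    }
    printf("mode 0777 private? %d\n", shm_segment_is_private(weak));  /* prints 0 */
    printf("mode 0600 private? %d\n", shm_segment_is_private(safe));  /* prints 1 */
    /* Mark both segments for removal so nothing is left behind. */
    shmctl(weak, IPC_RMID, NULL);
    shmctl(safe, IPC_RMID, NULL);
    return 0;
}
```

Run as an unprivileged user; the 0777 segment is reported as reachable by other local users, the 0600 one as private.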
