ports/55892: KDE konsole_grantpty fails to change pty rights to secure values
Jari Kirma
kirma at cs.hut.fi
Sat Aug 23 11:10:16 UTC 2003
>Number: 55892
>Category: ports
>Synopsis: KDE konsole_grantpty fails to change pty rights to secure values
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 23 04:10:14 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Jari Kirma
>Release: FreeBSD 4.8-STABLE i386
>Organization:
Helsinki University of Technology
>Environment:
System: FreeBSD XXX.hut.fi 4.8-STABLE FreeBSD 4.8-STABLE #5: Wed Aug 13 15:34:53 EEST 2003 kirma at XXX.hut.fi:/usr/src/sys/compile/XXX i386
Related packages:
kde-3.1.3 The "meta-port" for KDE
kdebase-3.1.3 This package provides the basic applications for the KDE sy
kdelibs-3.1.3 This is the base set of libraries needed by KDE programs
kdenetwork-3.1.3 Network-related programs and modules for KDE
...
etc
>Description:
konsole or its child processes fail to change pty permissions.
This permits snooping the console by anyone on the system,
which, of course, is extremely bad for multiuser systems.
>How-To-Repeat:
xxx ~ > konsole
< ... irrelevant stuff removed ...>
kbuildsycoca running...
konsole: cannot chown /dev/ttype.
Reason: Operation not permitted
konsole: chownpty failed for device /dev/ptype::/dev/ttype.
: This means the session can be eavesdroped.
: Make sure konsole_grantpty is installed in
: /usr/local/bin/ and setuid root.
>Fix:
Unknown; the FreeBSD KDE team can probably fix it rather quickly.
This should probably be added to the KDE porting checklist or such.
>Release-Note:
>Audit-Trail:
>Unformatted:
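
Added example, not part of the original report and not KDE or FreeBSD code: a small audit that reports whether a tty slave device is still in the exposed state that the failed chown in the transcript above leaves behind. The function name `tty_exposure` and the policy it enforces (device owned by the session user, no permission bits for "other", group write tolerated as in mode 0620) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit tty slave devices for leftover insecure permissions.
# Assumed policy (not from the report): the slave must be owned by the
# session user and must grant no read/write/execute bit to "other".

# tty_exposure PATH OWNER
# Prints exactly one of: missing, other-access, wrong-owner, ok
tty_exposure() {
    _path=$1
    _owner=$2      # user name or numeric uid expected to own the device

    [ -e "$_path" ] || { echo missing; return 0; }

    # Any permission bit for "other" means unrelated local users can open
    # the device; read access is what makes the session snoopable.
    if [ -n "$(find -H "$_path" -prune \
            \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
        echo other-access
        return 0
    fi

    # The chown step failed if the device is not owned by the session user.
    if [ -z "$(find -H "$_path" -prune -user "$_owner" -print)" ]; then
        echo wrong-owner
        return 0
    fi

    echo ok
}

# Stand-alone use (script name is hypothetical):
#   sh tty_audit.sh OWNER /dev/ttype [more devices...]
if [ "$#" -ge 2 ]; then
    owner=$1
    shift
    for dev in "$@"; do
        printf '%s: %s\n' "$dev" "$(tty_exposure "$dev" "$owner")"
    done
fi
```

Any result other than `ok` for a device that backs a live terminal session means the permission fix-up did not take effect for that session.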