Date: Sat, 23 Aug 2003 14:08:14 +0300 (EEST)
From: Jari Kirma <kirma@cs.hut.fi>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: kde@FreeBSD.org
Subject: ports/55892: KDE konsole_grantpty fails to change pty rights to secure values
Message-ID: <200308231108.h7NB8EuY036980@pallo.cs.hut.fi>
Resent-Message-ID: <200308231110.h7NBAFaS083679@freefall.freebsd.org>

>Number:         55892
>Category:       ports
>Synopsis:       KDE konsole_grantpty fails to change pty rights to secure values
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 23 04:10:14 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Jari Kirma
>Release:        FreeBSD 4.8-STABLE i386
>Organization:
Helsinki University of Technology
>Environment:
System: FreeBSD XXX.hut.fi 4.8-STABLE FreeBSD 4.8-STABLE #5: Wed Aug 13 15:34:53 EEST 2003 kirma@XXX.hut.fi:/usr/src/sys/compile/XXX i386

Related packages:

kde-3.1.3          The "meta-port" for KDE
kdebase-3.1.3      This package provides the basic applications for the KDE sy
kdelibs-3.1.3      This is the base set of libraries needed by KDE programs
kdenetwork-3.1.3   Network-related programs and modules for KDE
... etc
>Description:
konsole or its child processes fail to change pty permissions. This permits snooping the console by anyone on the system, which, of course, is extremely bad for multiuser systems.
>How-To-Repeat:
xxx ~ > konsole
< ... irrelevant stuff removed ...>
kbuildsycoca running...
konsole: cannot chown /dev/ttype. Reason: Operation not permitted
konsole: chownpty failed for device /dev/ptype::/dev/ttype.
       : This means the session can be eavesdroped.
       : Make sure konsole_grantpty is installed in
       : /usr/local/bin/ and setuid root.
>Fix:
Unknown, FreeBSD KDE team can probably fix it rather quickly. This should be probably added to KDE porting checklist or such.
>Release-Note:
>Audit-Trail:
>Unformatted:
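
The following check is an added example, not part of the original report or of KDE's code: it audits the owner and mode of a pty slave node for the exposure the report describes. The policy (owner is the session user, group write allowed as in the conventional 0620, nothing else), the function names and the 0666 starting mode are assumptions; a temporary file stands in for the device.

```python
import os
import stat
import tempfile

# Assumed policy (not from the report): the slave is owned by the session
# user, may be group-writable (conventional 0620 for a "tty" group), and
# grants no group read and no access at all to other users.

def audit_mode(owner_uid, mode, session_uid):
    """Return a list of findings for a pty slave; an empty list means OK."""
    findings = []
    if owner_uid != session_uid:
        findings.append("owner uid %d is not session uid %d"
                        % (owner_uid, session_uid))
    if mode & stat.S_IRGRP:
        findings.append("group-readable")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings

def audit_tty(path, session_uid):
    """Audit the node at path (a device such as /dev/ttype, or any file)."""
    st = os.stat(path)
    return audit_mode(st.st_uid, st.st_mode, session_uid)

def demo():
    """Constructed sample: a temp file stands in for the tty device node."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o666)   # assumed permissive mode of an unclaimed pty
        before = audit_tty(path, os.getuid())
        os.chmod(path, 0o620)   # mode a working grant step is assumed to set
        after = audit_tty(path, os.getuid())
    finally:
        os.unlink(path)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("0666:", before)
    print("0620:", after)
```
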