Summary: | KDE Artsd doesnt have suid bit so it doesnt run in realtime | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Adrian Almenar <aalmenar> |
Component: | [OLD] KDE | Assignee: | Dan Armak (RETIRED) <danarmak> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gentoobugzilla, joshuapreston, kevin |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Adrian Almenar
2002-09-13 11:40:02 UTC
*** Bug 8206 has been marked as a duplicate of this bug. *** artsd should never have the suid bit set. artswrapper should. And when artspwrapper does have suid, it creates a DoS possibility. I've written to -core asking what our default policy should be - suid off by default and tell people like you to turn it on manually, the opposite, or controlling it with some use flag or such. Then you can close this bug, i setted artwrapper suid bit, and artds i unsetted suid bit and it worked ok. Thank for your help Status update: we're probably going to use the "trusted" use flag to enable or disable the suit but on artswrapper by default. Final status update: artsd is not suid root. (never was.) artswrapper is. A DoS attack on artswrapper is possible, however secure systems shuoldn't be using this default setup in the first place. All other non-security-oriented distros do this and it's kde's default setup, so I'm leaving it as-is. |