GNOME Bugzilla – Bug 317312
[CAN-2005-0023] gnome-pty-helper writes arbitrary utmp records
Last modified: 2015-05-09 17:29:03 UTC
This vulnerability is identified as CAN-2005-0023.
Paul Szabo exposed proof of concept code to record arbitrary DISPLAY strings to
the utmp records in Debian bug <http://bugs.debian.org/329156>. This bug
affects vte's code, but was reported against it's GNOME 1 counterpart, libzvt2.
One workaround he suggests is that gnome-pty-helper verifies the DISPLAY is
correct, by connecting to it.
any updates on this? behdad perhaps?
(i know that the severity of this issue has been disputed.)
(In reply to comment #1)
> any updates on this? behdad perhaps?
> (i know that the severity of this issue has been disputed.)
Last time I looked into this, it was not worth the time fixing it.
The only fix that comes to mind is to try opening the DISPLAY first, but that requires depending on Xlib.
I'll leave it open until someone writes a patch.
removing old target milestone then, thanks for the quick feedback.
Obsolete now that g-p-h has been removed.