After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 317312 - [CAN-2005-0023] gnome-pty-helper writes arbitrary utmp records
[CAN-2005-0023] gnome-pty-helper writes arbitrary utmp records
Product: vte
Classification: Core
Component: general
Other All
: Normal major
: ---
Assigned To: VTE Maintainers
VTE Maintainers
Depends on:
Reported: 2005-09-27 07:46 UTC by Loïc Minier
Modified: 2015-05-09 17:29 UTC
See Also:
GNOME target: ---
GNOME version: 2.11/2.12

Description Loïc Minier 2005-09-27 07:46:37 UTC

This vulnerability is identified as CAN-2005-0023.

Paul Szabo exposed proof of concept code to record arbitrary DISPLAY strings to
the utmp records in Debian bug <>.  This bug
affects vte's code, but was reported against it's GNOME 1 counterpart, libzvt2.

One workaround he suggests is that gnome-pty-helper verifies the DISPLAY is
correct, by connecting to it.

Comment 1 André Klapper 2006-10-02 09:06:37 UTC
any updates on this? behdad perhaps?
(i know that the severity of this issue has been disputed.)
Comment 2 Behdad Esfahbod 2006-10-02 18:18:04 UTC
(In reply to comment #1)
> any updates on this? behdad perhaps?
> (i know that the severity of this issue has been disputed.)

Last time I looked into this, it was not worth the time fixing it.

The only fix that comes to mind is to try opening the DISPLAY first, but that requires depending on Xlib.
Comment 3 André Klapper 2006-10-04 18:15:22 UTC
Comment 4 Behdad Esfahbod 2006-10-04 18:42:54 UTC
I'll leave it open until someone writes a patch.
Comment 5 André Klapper 2006-10-05 07:35:01 UTC
removing old target milestone then, thanks for the quick feedback.
Comment 6 Christian Persch 2015-05-09 17:29:03 UTC
Obsolete now that g-p-h has been removed.