[PD] Pd-0.39.2-extended-rc4 released on ubuntu
Mathieu Bouchard
matju at artengine.ca
Thu Jul 12 21:18:40 CEST 2007
On Thu, 12 Jul 2007, pd-list-request at iem.at wrote:
> would it be possible to add an option to ask the user if he wants to
> chmod +s pd? some people told me it's dangerous. is it really? pd is
> already a powerful (read dangerous) software with the object system,
> shell or netreceive...
Last year I demonstrated that it is possible to make a very small external
that gives root access to the whole pd process. This vulnerability only
affects Miller's pd, including pd-0.41-0test04 (which is the absolute
latest). I have fixed that problem during devel_0_39 and carried it into
the desiredata branch.

This problem is largely theoretical so far, as it requires an external to
play with the setuid/seteuid commands. I can't think of any external that
does that, except the small test that I made for the purpose of verifying
my claim.

I haven't looked much for other possible breaches of root access.
_ _ __ ___ _____ ________ _____________ _____________________ ...
| Mathieu Bouchard - tél:+1.514.383.3801, Montréal QC Canada
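
Added example, not part of the original post and not Pd's code or the fix described above: a general C pattern for a setuid-root host that loads third-party plugins, dropping privileges permanently and verifying the drop before any plugin code runs. It assumes the host needs root only briefly at startup; `drop_privileges_permanently` is a hypothetical name.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes setgroups() and seteuid() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently give up set-user-ID/set-group-ID privileges.
 * A temporary drop with seteuid() keeps the saved set-user-ID, so any code
 * later loaded into the process could switch back. Returns 0 only when the
 * drop succeeded and an attempt to regain the old IDs fails.
 */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Supplementary groups can only be reset while still root. */
    if (old_euid == 0 && ruid != 0 && setgroups(1, &rgid) != 0)
        return -1;

    /* Group before user: once the uid is gone, setgid() would be refused. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;

    /* Verify by trying to go back; success here means the drop was not final. */
    if (old_egid != rgid && (setegid(old_egid) == 0 || getegid() != rgid))
        return -1;
    if (old_euid != ruid && (seteuid(old_euid) == 0 || geteuid() != ruid))
        return -1;

    return (getuid() == ruid && geteuid() == ruid && getgid() == rgid) ? 0 : -1;
}

int main(void)
{
    /* Privileged startup work (assumed to be brief) would happen before this. */
    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "refusing to load plugins: privileges not dropped\n");
        return 1;
    }
    printf("uid=%d euid=%d: safe to load third-party plugins\n",
           (int)getuid(), (int)geteuid());
    return 0;
}
```

Run from an ordinary account the function is a no-op that returns 0; installed setuid-root and run by an unprivileged user, it returns 0 only after the saved IDs are gone as well.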