[PD] Pd-0.39.2-extended-rc4 released on ubuntu

Hans-Christoph Steiner hans at eds.org
Thu Jul 12 22:59:47 CEST 2007

On Jul 12, 2007, at 3:18 PM, Mathieu Bouchard wrote:

> On Thu, 12 Jul 2007, pd-list-request at iem.at wrote:
>> would it be possible to add an option to ask the user if he wants  
>> to chmod +s pd? some people told me it's dangerous. is it really?  
>> pd is already a powerful (read dangerous) software with the objet  
>> system, shell or netreceive...
> Last year I demonstrated that it is possible to make a very small  
> external that gives root access to the whole pd process. This  
> vulnerability only affects Miller's pd, including pd-0.41-0test04  
> (which is the absolute latest). I have fixed that problem during  
> devel_0_39 and carried it into the desiredata branch.
> This problem is largely theoretical so far, as it requires an  
> external to play with the setuid/seteuid commands. I can't think of  
> any external that does that, except the small test that I made for  
> the purpose of verifying my claim.
> I haven't looked much for other possible breaches of root access.

This is only possible if you are running Pd as root, which is general  
is not a good idea.  If Pd is running as a different user, then you  
wouldn't be able to gain root access.


>  _ _ __ ___ _____ ________ _____________ _____________________ ...
> | Mathieu Bouchard - tél:+1.514.383.3801, Montréal QC  
> Canada_______________________________________________
> PD-list at iem.at mailing list
> UNSUBSCRIBE and account-management -> http://lists.puredata.info/ 
> listinfo/pd-list


As we enjoy great advantages from inventions of others, we should be  
glad of an opportunity to serve others by any invention of ours; and  
this we should do freely and generously.         - Benjamin Franklin

More information about the Pd-list mailing list