[PD] setuid WAS Re: Pd-0.39.2-extended-rc4 released on ubuntu
Hans-Christoph Steiner
hans at eds.org
Sat Jul 14 18:33:25 CEST 2007
On Jul 13, 2007, at 3:36 PM, Mathieu Bouchard wrote:
> On Thu, 12 Jul 2007, Hans-Christoph Steiner wrote:
>> This is only possible if you are running Pd as root, which is
>> general is not a good idea. If Pd is running as a different user,
>> then you wouldn't be able to gain root access.
>
> We are *only* talking about setuid (chmod +s) and not starting pd
> from a root login.
>
> If pd is running as user "eighthave" but with setuid "root", pd is
> dropping priviledges to be effectively just "eighthave", but does
> it the wrong way, causing it to be able to regain effective "root"
> later.
>
> I reported this bug last november:
>
> http://lists.puredata.info/pipermail/pd-dev/2006-11/007910.html
>
> I have fixed that bug in devel_0_39 on 2006.11.23.
Sorry, I didn't see the part that it was just related to setuid.
It would be very nice to have this bug fix as a patch in the tracker
so that it can be included in pd-vanilla and pd-extended.
.hc
>
> _ _ __ ___ _____ ________ _____________ _____________________ ...
> | Mathieu Bouchard - tél:+1.514.383.3801, Montréal QC Canada
------------------------------------------------------------------------
----
Access to computers should be unlimited and total. - the hacker ethic
More information about the Pd-list
mailing list