Bug#280355: /usr/bin/gnome-keyring-daemon: gnome-keyring-daemon:
Dosen't background properly, leaving stdio open to attack.
Mike Mestnik
cheako911@yahoo.com, 280355@bugs.debian.org
Mon, 08 Nov 2004 15:35:16 -0600
Package: gnome-keyring
Version: 0.2.1-3
Severity: important
File: /usr/bin/gnome-keyring-daemon
I'v marked this important since this behaviour may be exploitable. The
controling tty is left open and thus any one with write permitions to the
TTY might be able to send gnome-keyring-daemon signals or exploit buffer
attacks. The debian package should background gnome-keyring-daemon with the
daemon(1) program untill the program can included these vital features.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (980, 'unstable'), (900, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-1-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages gnome-keyring depends on:
ii libatk1.0-0 1.6.1-5 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an
ii libglib2.0-0 2.4.7-1 The GLib library of C routines
ii libgtk2.0-0 2.4.13-1 The GTK+ graphical user interface
ii libpango1.0-0 1.4.1-4 Layout and rendering of internatio
-- no debconf information