Bug#280355: /usr/bin/gnome-keyring-daemon: gnome-keyring-daemon:
Dosen't background properly, leaving stdio open to attack.
Ondøej Surý
Ondøej Surý ,
280355@bugs.debian.org
Tue, 09 Nov 2004 11:35:52 +0100
Please send output of "lsof -p" on gnome-keyring-daemon process and how
did you started g-k-d process? Did you started g-k-d from session or
manually?
> I'v marked this important since this behaviour may be exploitable. The
> controling tty is left open and thus any one with write permitions to the
> TTY might be able to send gnome-keyring-daemon signals or exploit buffer
> attacks. The debian package should background gnome-keyring-daemon with the
> daemon(1) program untill the program can included these vital features.
Ondrej
--
Ondřej Surý <ondrej@sury.org>