Bug#329156: /usr/sbin/gnome-pty-helper: writes arbitrary utmp
records
Paul Szabo
psz at maths.usyd.edu.au
Mon Sep 26 12:43:32 UTC 2005
Dear Loic,
>> > Did you check whether libvte4 is affected?
>> No. Do not know what libvte4 is.
>
> libvte4 is the GNOME 2 zquivalent of libzvt2 ...
> I'd be nice if you could check whether the gnome-pty-helper shipped in
> libvte4 is affected too. Let me know if you don't have a setup
> permitting the check, or if you lack the time.
Looking at the source
vte-0.11.15/gnome-pty-helper/gnome-pty-helper.c
in line 682 it grabs
display_name = getenv ("DISPLAY");
and uses it without any sanity checks: yes, surely it is also affected.
Cheers,
Paul Szabo psz at maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
More information about the Pkg-gnome-maintainers
mailing list