Bug#512803: Bug#514110: gnome-terminal as root from sid menu

Josselin Mouette joss at debian.org
Wed Feb 4 18:49:43 UTC 2009


severity 514110 grave
tags 514110 + security patch
tag 512803 + pending
thanks

On Wednesday 04 February 2009 at 11:24 +0100, Jerzy Wolinski wrote:
> After logging in to sid I run "root terminal" from the sid main menubar.
> After that some other programs from the menu are also run as root.
> It applies to "terminal" (not the root one) and "mc" (from the
> "debian/applications/terminal emulations" submenu), but not to "xterm" from
> the same submenu.

OK, in the end (and after I have messed with the BTS in unseen ways)
there are two issues, which is why I have just unmerged the two bugs.
This has nothing to do with D-Bus, I must have been drunk while
uploading the first “fix”.

1) The security issue (#514110) leading to a user being able to control
root’s terminal (and other applications). This is a bug in ORBit2 for
which I have a patch. The corresponding NMU is attached; I’ll upload it
in one or two days if there are no objections.

For the security team: we should get this fixed in lenny and maybe in
etch with a point release, but I don’t think this warrants a DSA. Maybe
this warrants a CVE regardless, I’m not sure.

2) The usability issue; ORBIT_SOCKETDIR is shared between root and !root
processes (for the sake of re-using the GConf daemon, I guess) and this
leads to the impossibility of starting a root terminal as it re-uses an
existing process. Since this doesn’t work in all cases anyway, let’s
just drop ORBIT_SOCKETDIR and get done with it. This will be done in the
next gksu upload.

Cheers,
-- 
 .''`.
: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.
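Added example, not code from this message or from the orbit2/gksu patches: a POSIX shell audit of the ORBIT_SOCKETDIR problem described above. It checks whether the socket directory a process inherits is owned by the uid it runs as with mode 0700, and shows the environment sanitisation (dropping ORBIT_SOCKETDIR) that the message proposes for gksu. Assumes GNU stat; the 0700 ownership rule and the function names are my own.

```shell
# orbit_socketdir_ok DIR UID
#   0 if DIR exists, is owned by UID and has mode 0700; 1 otherwise.
#   A directory failing this is one another uid could have created or
#   can enter, i.e. the root/non-root sharing case from the report.
orbit_socketdir_ok() {
    _dir=$1
    _uid=$2
    [ -d "$_dir" ] || return 1
    # GNU coreutils stat: %u = owner uid, %a = octal mode (assumption)
    _owner=$(stat -c %u "$_dir" 2>/dev/null) || return 1
    _mode=$(stat -c %a "$_dir" 2>/dev/null) || return 1
    [ "$_owner" = "$_uid" ] || return 1
    [ "$_mode" = "700" ] || return 1
    return 0
}

# audit_orbit_env UID
#   Inspects ORBIT_SOCKETDIR as inherited by a process running as UID.
#   Prints "unset", "ok" or "unsafe: ..."; returns 1 only when unsafe.
audit_orbit_env() {
    _uid=$1
    if [ -z "${ORBIT_SOCKETDIR:-}" ]; then
        # nothing inherited: ORBit creates its own per-user directory
        echo unset
        return 0
    fi
    if orbit_socketdir_ok "$ORBIT_SOCKETDIR" "$_uid"; then
        echo ok
        return 0
    fi
    echo "unsafe: $ORBIT_SOCKETDIR is not owned by uid $_uid with mode 0700"
    return 1
}

# sanitize_orbit_env
#   The approach the message describes for gksu: drop the inherited
#   variable before starting the privileged program, so root's ORBit
#   never attaches to a socket directory another user controls.
sanitize_orbit_env() {
    unset ORBIT_SOCKETDIR
}

# Demonstration on a constructed directory (not a real ORBit socket dir)
if [ "${1:-}" = "demo" ]; then
    demo_dir=$(mktemp -d) && chmod 700 "$demo_dir"
    ORBIT_SOCKETDIR=$demo_dir
    audit_orbit_env "$(id -u)"              # ok: our own directory
    audit_orbit_env "$(( $(id -u) + 1 ))"   # unsafe: another uid would reuse it
    sanitize_orbit_env
    audit_orbit_env 0                       # unset: root gets its own dir
    rmdir "$demo_dir"
fi
```

Run with `sh script.sh demo` to see the three outcomes on a temporary directory.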
-------------- next part --------------
A non-text attachment was scrubbed...
Name: orbit2_2.14.16-0.2.debdiff
Type: text/x-patch
Size: 2348 bytes
Desc: 
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20090204/5cf62b46/attachment.bin 