Bug 12470
| Summary: | kon2 - potential security disaster for RH7.0 | | |
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Chris Evans <chris> |
| Component: | kon2 | Assignee: | Nakai <ynakai> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | high | | |
| Version: | 7.1 | CC: | msw, notting, pbrown |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | i386 | | |
| OS: | Linux | | |
| Whiteboard: | Florence Gold | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2003-04-02 22:04:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Chris Evans
2000-06-18 22:31:10 UTC
This defect is considered MUST-FIX for Winston Beta-5

Won't ship in 8-bit language releases

This defect has been re-classified as MUST-FIX for Winston Gold-release

This should NOT be a must-fix for Winston gold, it's for JAPANESE Winston gold.

agreed.

This defect has been re-classified as SHOULD-FIX for Winston Gold-release

OK, we're getting close enough we need to re-focus our attention on this problem, to make sure the Japanese version gets a look-see at the problem.

This defect is considered MUST-FIX for Florence Gold release

newvc needs suid root even if it's utempter-ized cause it touches the hardware and all users need to use it. The buffer overrun potential problem is addressed in a patch. kon2 also touches the hardware. fld will be fixed to be non-fld.

I assume an "everything" install in non-Japanese language won't install the kon2 package?

correct. Only if you check the little box by "support japanese".

Cool. One more point - these are console tools, right? If so, the privileged ones should _refuse_ to run unless run from the console. The same trick as used by Xwrapper/pam_console could be appropriate. suid-root programs that are console only are a much much smaller risk.

Adrian, have you fixed fld yet?

So, what is the status of this bug?

Taking myself off the Cc: list...

No news here? Should this still be marked "Red Hat Beta Program"?

Hm, maybe should just close it; if there are particular issues with kon, they can be separate bugs.