Red Hat Bugzilla – Bug 18579
libsafe kills sawfish
Last modified: 2007-04-18 12:29:04 EDT
I can reliably enduce libsafe to kill sawfish. Opening the "Configure Update Agent" item from the Gnome "Programs->System" menu and entering the root passwd gives the following in /var/log/secure: Oct 7 00:48:02 tenshu libsafe.so[5877]: version 1.3 Oct 7 00:48:02 tenshu libsafe.so[5877]: detected an attempt to write across stack boundary. Oct 7 00:48:02 tenshu libsafe.so[5877]: terminating /usr/bin/sawfish Oct 7 00:48:02 tenshu libsafe.so[5877]: overflow caused by memcpy() This is using the versions of libsafe and sawfish supplied as part of RedHat 7.0 (my system was 6.1 with more recent versions of librep, rep-gtk and sawfish, upgraded to RH7 using the RedHat installer)
I have just built and installed an RPM of sawfish-0.31 from the official site and the segfault is no longer present. Looks like RH needs to issue an update of this package.
Forwarded upstream to the sawfish maintainer. We aren't going to upgrade to a newer version of sawfish at this time because the version in 7 was feature frozen and stabilized, and newer versions add features and destabilize things again. So we would need a fix backported to the version we shipped. If I understand correctly this is not a security bug, please correct me if it is. (i.e. it's just a matter of Sawfish being a bit broken writing in inappropriate parts of the stack.)
sawfish-0.36 is in rawhide, all is well.