Bug 2654 - /usr/bin/disable-paste does not need to be suid root!(?)
Summary: /usr/bin/disable-paste does not need to be suid root!(?)
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: gpm
Version: 6.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 1999-05-08 12:41 UTC by Chris Evans
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 1999-06-02 11:34:07 UTC

Attachments (Terms of Use)

Description Chris Evans 1999-05-08 12:41:55 UTC
Look at /usr/bin/disable-paste. It is suid-root.

Brief testing showed that its functionality works fine if it
is _not_ suid root.

The risk is that the user can pass arbitrary environment
variables, etc. to the GPM program. disable-paste is just a
wrapper which calls gpm.

Comment 1 Dale Lovelace 1999-05-27 18:11:59 UTC
/usr/bin/disable-paste is suid root. The gpm Makefile contains this

$(INSTALL_PROGRAM) -o root -m 4755 disable-paste \

  So apparently the gpm people think it should be suid-root. I have
emailed Ian Zimmerman <itz> who is mentioned in the Makefile
about this. I will update this bug when I hear back from him.

  I chmod'ed /usr/bin/disable-paste 755 and I had no problems copy and
pasting among vc's etc.

  This is the entire disable-paste.c

#include <unistd.h>             /* execv */

static char* argv[] = {


  execv(SBINDIR "/gpm", argv);

Comment 2 Dale Lovelace 1999-05-28 13:07:59 UTC
Email from Ian Zimmerman <itz> (maintainer of gpm):

>   I am looking at /usr/bin/disable-paste in the gpm package which is
>   suid root. I am wondering what the need of setting this file suid
>   root is. Brief testing has shown no ill consequences from changing
>   this file to 755.

disable-paste has to be suid root because it exec's gpm with the -k
argument.  If run as a normal user, it won't crash and burn, but it
won't do anything else either (in particular, it won't do its job
which is to disable any existing kernel selection buffer until a new
selection is made).

Ian Zimmerman                         <itz>
Electing a quail for President might cause wierd affects,
such as school principles refusing to eat baked potatoe.

Comment 3 Chris Evans 1999-05-30 21:04:59 UTC
Sorry to reopen, but -- wrong.
Do this:

chmod -s `which disable-paste`

Now, as a non-root user, select some stuff in the console.
Now run the unprivileged disable-paste. And hey presto, the kernel
console paste buffer has been cleared. This proves that suid-root
privs are not required

So please verify this finding and remove the suid bit in Rawhide.

Remember, disable-paste execs "gpm" as root, which inherits arbitrary
user environment variables, etc, so the risk is beyond the 10 lines of
code or so in "disable-paste" itself.

Comment 4 Jeff Johnson 1999-06-02 11:34:59 UTC
Fixed (by removing setuid) in gpm-1.17.5-5. Thanks for persisting.

Note You need to log in before you can comment on or make changes to this bug.