Red Hat Bugzilla – Bug 69575
Security problem with kdeinit (3.0.0)
Last modified: 2008-05-01 11:38:03 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607
Description of problem:
There is a serious security problem with kdeinit, and possibly several
other KDE applications tools etc. The following description is
for kdelibs-3.0.0-10 as shipped by RedHat 7.3 intel.
Kdeinit looks for shared libraries in non-system directories. This can allow a
malicious local user to gain root access if root runs kde.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.See attachment. Not describable in 3 lines.
Actual Results: Crash (good) and/or loading of arbitrary libraries (bad).
Expected Results: Not search along untrusted relative paths for shared libraries.
Created attachment 66524 [details]
Details / Traces of bugreport
coolo at kde dot org pointed me that Qt is the culprit.
readelf -d /usr/lib/qt3/lib/libqt-mt.so (from qt-3.0.3-11)
shows an rpath like '../lib/' Qt2 seems to be okay.
*** This bug has been marked as a duplicate of 69692 ***