Bug 73307 – Galeon can be used as Trojan horse

Bug 73307 - Galeon can be used as Trojan horse

Summary:	Galeon can be used as Trojan horse

Status:	CLOSED NEXTRELEASE

Aliases:	None

Product:	Red Hat Linux
Classification:	Retired
Component:	galeon (Show other bugs)
Sub Component:
Version:	9
Hardware:	i386 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Christopher Blizzard
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2002-09-02 15:56 EDT by jfm2
Modified:	2007-04-18 12:46 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2003-05-05 12:00:44 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description jfm2 2002-09-02 15:56:28 EDT

Description of Problem:

The script who fires galeon can be used to cheat another user or the 
superuser into running a program from the attacker.  If You look at 
/usr/bin/galeon you wll noticce that it looks if there is a galeon-bin
program in the CURRENT directory and tries to run it.  So by placing
an exceutable called galeon-bin in one of his directories and then having 
another user to fire galeon from that directory then instead of running the 
real galeon the victim wil be running the Trojan with his own access rights.

Version-Release number of selected component (if applicable):

1.2.0

How Reproducible:

100%

Steps to Reproduce:
1. Make a script called galeon-bin, make it executable.  Fire galeon from
that script and watch the script execute.  (My script just prints: "What's
new doc?)
2. 
3. 

Actual Results:


Expected Results:


Additional Information:

Comment 1 Gene Czarcinski 2003-02-10 10:46:30 EST

I am not sure this is really a security problem but it still exists.

Comment 2 Kjartan Maraas 2003-04-02 18:28:13 EST

And in RHL9.

Comment 3 Kjartan Maraas 2003-04-03 15:39:21 EST

This was fixed today in GNOME CVS. module galeon, branch galeon-1-2

Comment 4 Christopher Blizzard 2003-05-05 12:00:44 EDT

This will get fixed with our next release when we pick up the new galeon version.

Note You need to log in before you can comment on or make changes to this bug.