[MPlayer-dev-eng] [PATCH] svgalib_helper root vuln

D Richard Felker III dalias at aerifal.cx
Wed Oct 6 13:08:46 CEST 2004


On Wed, Oct 06, 2004 at 12:03:47PM +0200, Diego Biurrun wrote:
> D Richard Felker III writes:
> > On Sun, Oct 03, 2004 at 09:34:56PM -0400, The Wanderer wrote:
> > > D Richard Felker III wrote:
> > > 
> > > >it comes with recent svgalib. but be warned, it contains a very
> > > >stupid vulnerability that lets any user with access to the helper
> > > >access all of kernel memory read/write.. someday i'm gonna submit a
> > > >patch.
> > > 
> > > I'll pass that on to my siblings, then, and see about giving it a try
> > > myself. If/when you do get around to submitting a patch, I'd be glad if
> > > you could somehow let me know (since I don't follow svgalib development,
> > > at least not yet), because I don't like using things with known security
> > > flaws.
> > 
> > ok i'm attaching the fix. it's not a great patch but it should work.
> > note that it also prevents mapping some low memory that was
> > unconditionally allowed before. some stupid drivers may need this low
> > area, but it's inherently a security hole. i doubt any vidix drivers
> > need it, just bad svgalib drivers...
> 
> Have you sent this upstream?

no, i hadn't done anything with it until i cleaned up my changes and
sent that patch to our list. who's the appropriate upstream?

rich




More information about the MPlayer-dev-eng mailing list