Bug#264453: [Pkg-firebird-general] Bug#264453: Very likely not exploitable
Damyan Ivanov
divanov at creditreform.bg
Mon Oct 31 08:20:03 UTC 2005
Florian Weimer wrote:
> I agree that this is a horrible coding style, but it's unlikely that
> it's exploitable. As far as I can tell, the situation is as follows:
Thank you very much for looking at this bug.
I agree with your reasoning.
However, there is a possibility for the local admin to give fb_lock_mgr SUID
root privileges (in the classic server package) to ease IPC when multiple users
have to use firebird without being members of the firebird group. This is a bad
idea anyway, but the possibility exists.
So I decided to check whether fb_lock_mgr actually uses this source. It seems
to be linked with jrd statically (from what I see in the makefile spaghetti).
I can't find the dangerous code, though. In 1.5.1, src/jrd/gds.cpp(966) there is
an #ifdef VMS conditional that is not satisfied (Debian/VMS anyone!?).
In 1.5.2 the code looks the same as in 1.5.1 (with a little offset).
So, what is the code that is considered unsafe? The most suspicious near line
866 is
status = sys$getmsg(code, &l, &desc, 15, flags);
which is inside the inactive #ifdef VMS block, so there's no problem at all.
Or is it somewhere else?
Thanks again,
dam
--
Damyan Ivanov Creditreform Bulgaria
divanov at creditreform.bg http://www.creditreform.bg/
phone: +359(2)928-2611, 929-3993 fax: +359(2)920-0994
mob. +359(88)856-6067 dam at jabber.minus273.org/Gaim