Bug#264453: [Pkg-firebird-general] Bug#264453: Very likely not exploitable

Damyan Ivanov divanov at creditreform.bg
Mon Oct 31 08:20:03 UTC 2005


Florian Weimer wrote:
> I agree that this is a horrible coding style, but it's unlikely that
> it's exploitable.  As far as I can tell, the situation is as follows:

Thank you very much for looking at this bug.

I agree with your reasoning.
However, there is a possibility for the local admin to give fb_lock_mgr SUID
root privileges (in the classic server package) to ease IPC when multiple users
have to use firebird without being members of the firebird group. This is a bad
idea anyway, but the possibility exists.

So I decided to check whether fb_lock_mgr actually uses this source. It seems
to be linked with jrd statically. (From what I see in the makefile spaghetti)

I can't find the dangerous code, though. In 1.5.1 src/jrd/gds.cpp(966) there is
an #ifdef VMS conditional that is not satisfied (Debian/VMS anyone!?).

In 1.5.2 the code looks the same as in 1.5.1 (with a small line offset).

So, what is the code that is considered unsafe? The most suspicious near line
866 is

   status = sys$getmsg(code, &l, &desc, 15, flags);

which is in #ifdef VMS that is inactive, so there's no problem at all.
Or is it somewhere else?


Thanks again,
dam
-- 
Damyan Ivanov                              Creditreform Bulgaria
divanov at creditreform.bg              http://www.creditreform.bg/
phone: +359(2)928-2611, 929-3993            fax: +359(2)920-0994
mob. +359(88)856-6067               dam at jabber.minus273.org/Gaim