Closed GoogleCodeExporter closed 9 years ago
http://lwn.net/Articles/250468/
Original comment by kernc...@gmail.com
on 22 Mar 2010 at 12:48
hopefully, all such vulnerabilities were fixed in r34 through r41.
the only issue I see now is that the attacker could read contents of arbitrary
file
when specifying it as input keymap. thankfully, this will fail for most files
(lines
are too long/empty, etc.).
finally, this should be fixed in r42, because logkeys is no longer setuid root,
and
only superuser can change logkeys-start.sh and logkeys-kill.sh helper scripts!
Original comment by kernc...@gmail.com
on 22 Apr 2010 at 7:39
Original issue reported on code.google.com by
kernc...@gmail.com
on 22 Mar 2010 at 12:47