Are there any known security problems with Interrogator?
Interrogator is not a SUID or SGID program, so it has the same permissions you always have. As far as the system is concerned, Interrogator is a strange Xterm session – it forks off certain processes, and tinkers with files, but it cannot do anything that the user doesn’t already do by typing commands into a shell. (It just lets you do them faster.) For all practical purposes, Interrogator is the same as a combination of a terminal window, a shell, and the fileutils (ls, cp, chmod, rm, du, df, mkdir, and so on). There is a well known vulnerability with scripts – if a cracker can modify a script and then later trick a superuser into running it, the cracker can ‘get root’. Interrogator scripts are kept in a private .tint directory in your home directory. This directory is kept private for the user, mode 0700. This directory and its files are checked often for suspicious ownership or permission clues that something might be wrong.
