SunOS's xterm pb : again !

[soulet () ecume cict fr (Gilles SOULET)]

I sent a message on this list few days ago, and I didn't noticed
any real discussion about it. Since I wonder if this topic
is still valid (or completly out of date :-), here's what
I was talking about :

Using Sun's Openwin under SunOS4.1.3, I noticed that the 
/usr/openwin/bin/xterm wasn't setuid ROOT. It seems to be a
good thing (remember the "xterm -lf" + file link bug ?).

When you launch an xterm, the system attachs a device to the
xterm's shell. You can see this device by typing 'tty' in the xterm's
window. OK.

The pb is : Under SunOS, the terminal devices (/dev/ttyp?) are
owned by root, with rights rw-rw-rw-. When you log on the machine,
the login process changes the owner of the terminal, so the tty
belongs to you, with minimum access rights. BUT when using an xterm,
you don't have the permissions to change the owner and access rights
of the newly allocated tty. So the device stays owned by root,
WORLD READABLE and WORLD WRITEABLE !!!

I think this introduces a major security hole, since everybody
can read on a xterm's shell terminal device to get secret
informations, including a password ! You can try this by using
the "cat" command redirected from (or to) an xterm terminal device :
it works !

So what ?

# Gillus 
~~~~~~~~~~