Bugtraq mailing list archives

Re: safe logging xterm


From: banz () umbc edu (Robert Banz)
Date: Thu, 16 Mar 1995 17:42:07 -0500 (EST)


On Tue, 14 Mar 1995, Adam Shostack wrote:

> Margarita Suarez wrote:
>
> | we have modified xterm to make use of the POSIX saved id where possible;
> | otherwise, it uses setreuid() to switch back and forth between user and
> | superuser.  we provide enable() and disable() functions which swap the
> | euid and ruid so that the running xterm can give up root and take it
> | back.
>
> | can anyone see a problem with this fix?
>
> Yes, it leaves setuid on a program that is way too large.  Xterm tends
> to be setuid so it can write to utmp.  That's a bad reason to make a
> large program setuid.

Hm.  Why not make utmp group "bob" writable, and make xterm setgid "bob"?

just an idea...  at least it cuts down on what they can do if they
somehow 'hack' xterm...they get "bob" access...

---- target LN 220 FM 4P
Robert Banz (banz () umbc edu)   "I prefer the hands on touch you only
UMBC Academic Computing Svcs.  get from hired goons." 
(410) 455-3962                          'Mr Burns'
http://gl.umbc.edu/~banz       ||| |XX| || X X|| | XX|| |X X||X X|| X|
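
The enable()/disable() bracketing described in the quoted message, applied to the setgid arrangement suggested in the reply, as an added example that is not part of the original thread or of xterm's code. It assumes a binary that is setgid to a utmp-owning group and not setuid root; every function name here is hypothetical, and `demo_action` is a constructed stand-in for the utmp update.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for setegid()/setregid() declarations */
#endif
#include <sys/types.h>
#include <unistd.h>

static gid_t real_gid, priv_gid;   /* priv_gid: group granted by the setgid bit */

/* Call first thing in main(): record both ids, then run unprivileged.
 * The saved set-group-ID still holds priv_gid, so it can be taken back. */
static int priv_init(void)
{
    real_gid = getgid();
    priv_gid = getegid();
    return setegid(real_gid);
}

static int priv_enable(void)  { return setegid(priv_gid); }  /* before utmp write */
static int priv_disable(void) { return setegid(real_gid); }  /* right after it */

/* Run one privileged action inside an enable/disable bracket. */
static int with_priv(int (*action)(void *), void *arg)
{
    int rc;
    if (priv_enable() != 0)
        return -1;
    rc = action(arg);
    if (priv_disable() != 0)
        _exit(1);                  /* never continue with the group still held */
    return rc;
}

/* Permanent drop, e.g. in the child before exec'ing the user's shell.
 * Setting the real gid through setregid() also resets the saved gid. */
static int priv_drop_forever(void)
{
    if (setregid(real_gid, real_gid) != 0)
        return -1;
    /* Verify: taking the group back must now fail (skipped if not setgid). */
    if (priv_gid != real_gid && setegid(priv_gid) == 0)
        return -1;
    return (getgid() == real_gid && getegid() == real_gid) ? 0 : -1;
}

/* Constructed stand-in for the utmp update: records the egid it ran with. */
static int demo_action(void *arg) { *(gid_t *)arg = getegid(); return 0; }
```

With this layout a compromise of the running program yields only the utmp group, and only until `priv_drop_forever()` is called.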


