Bugtraq mailing list archives
Re: safe logging xterm
From: Valdis.Kletnieks () vt edu (Valdis.Kletnieks () vt edu)
Date: Thu, 16 Mar 1995 23:28:55 -0500
On Thu, 16 Mar 1995 17:42:07 EST, Robert Banz said:
> On Tue, 14 Mar 1995, Adam Shostack wrote:
> > Yes, it leaves setuid on a program that is way too large. Xterm tends to be setuid so it can write to utmp. That's a bad reason to make a large program setuid.
>
> Hm. Why not make utmp group "bob" writable, and make xterm setgid "bob"?
Well.. mostly because the OTHER thing xterm likes to be set-UID for is so it can chown()/chmod() your pty so you own it so you can do things like 'mesg n'... ;)

ObSecurityHole: AIX 3.2.5 and 4.1.2 /bin/mesg, /bin/write, and friends still don't do the set-GID tty thing from BSD 4.2, so if you run 'mesg y' your terminal is mode 644 and anybody can scribble on it, rather than the nicer BSD way of setting it to mode 640 and things that were set-GID tty could scribble on it, after filtering any inappropriate control characters out, etc... It ain't news to IBM - I filed a bug report against AIX/370 for this back in 1990 or so. *sigh*.

Valdis Kletnieks
Computer Systems Engineer
Virginia Tech
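As an added illustration of the set-GID tty scheme the post contrasts with the AIX behaviour (this is example code written for this archive page, not anything from the thread, from IBM or from the BSD sources), the program below audits a terminal device's permission bits and computes the mode a BSD-style mesg(1) would set. The group name "tty", the sample modes used in comments and the idea of reporting "writable by an unrelated group" as its own category are assumptions made for the demonstration; the underlying rule (mesg y grants group write, never other write, so only set-GID tty programs such as write(1) can reach the terminal) is the one the post describes.

```c
/* Added example, not from the original thread: audit a tty's write bits
 * and model BSD-style mesg(1).  Assumes the tty group is named "tty". */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <grp.h>

enum tty_risk {
    TTY_NOT_WRITABLE = 0,      /* mesg n: only the owner can write */
    TTY_GROUP_WRITABLE,        /* BSD-style mesg y: group "tty" may write */
    TTY_OTHER_GROUP_WRITABLE,  /* group-writable, but not by group "tty" */
    TTY_WORLD_WRITABLE         /* anybody can scribble on the terminal */
};

/* Classify a tty's permission bits.  tty_gid is the gid of group "tty";
 * group write only counts as the safe BSD arrangement when the device
 * actually belongs to that group. */
enum tty_risk classify_tty(mode_t mode, gid_t dev_gid, gid_t tty_gid)
{
    if (mode & S_IWOTH)
        return TTY_WORLD_WRITABLE;
    if (mode & S_IWGRP)
        return dev_gid == tty_gid ? TTY_GROUP_WRITABLE
                                  : TTY_OTHER_GROUP_WRITABLE;
    return TTY_NOT_WRITABLE;
}

/* Mode a BSD-style mesg(1) would set: "mesg y" grants group write and
 * never other write; "mesg n" removes both.  Other bits are untouched. */
mode_t bsd_mesg_mode(mode_t current, int allow)
{
    mode_t m = current & ~(mode_t)(S_IWGRP | S_IWOTH);
    if (allow)
        m |= S_IWGRP;
    return m;
}

/* Audit one device path; returns 0 and fills *out, or -1 on error. */
int audit_tty_path(const char *path, enum tty_risk *out)
{
    struct stat st;
    struct group *gr = getgrnam("tty");   /* assumption: group is called "tty" */
    gid_t tty_gid = gr ? gr->gr_gid : (gid_t)-1;

    if (stat(path, &st) != 0 || !S_ISCHR(st.st_mode))
        return -1;
    *out = classify_tty(st.st_mode, st.st_gid, tty_gid);
    return 0;
}

int main(int argc, char **argv)
{
    static const char *names[] = {
        "not writable by others (mesg n)",
        "writable by group tty only (BSD-style mesg y)",
        "writable by a group other than tty",
        "WORLD WRITABLE: anybody can scribble on it"
    };
    const char *path = argc > 1 ? argv[1] : ttyname(STDIN_FILENO);
    enum tty_risk r;

    if (!path) {
        fprintf(stderr, "stdin is not a tty; pass a device path\n");
        return 2;
    }
    if (audit_tty_path(path, &r) != 0) {
        perror(path);
        return 2;
    }
    printf("%s: %s\n", path, names[r]);
    return r == TTY_WORLD_WRITABLE ? 1 : 0;
}
```

Run it with no arguments on an interactive shell to check your own terminal, or pass a /dev path; the exit status is 1 only for the world-writable case, so it can be dropped into a login-time check. The classifier deliberately distinguishes "group tty writable" from "some other group writable", because the protection in the BSD scheme comes from the group being tty and the writers being set-GID tty, not from the group write bit alone.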