Bugtraq mailing list archives
Re: Vulnerability in the Xt library
From: casper () holland Sun COM (Casper Dik)
Date: Mon, 26 Aug 1996 09:13:10 +0200
Or fix xterm such that it doesn't need to be setuid. This usually involves hacking the kernel to have saner defaults than are present in the BSD kernel. If you could create a pseudo device that was owned by the user creating it, xterm wouldn't need to be setuid, if my look at the source and conversations I've had with others that understood xterm better than I.
System V ptys have this advantage, apart from being much easier to use and being much more efficient (youdont' need to sewarch for one open device, you just get one from the kernel). In Solaris 2.x, there are two programs that handle all of xterms needs: /usr/lib/pt_chmod - for setting the ownership of a pty /usr/lib/utmp_update - for updating utmp/wtmp files. Consequently, Solaris 2.x xterm is not set-uid root. (SunOS 4.x xterm wasn't set-uid either but it relied on a mode 666 utmp file [bad] and kept your tty owned by rot [worse]
This doesn't mean that one shouldn't fix libXt, just that xterm, although careful generally, shouldn't need to be setuid root (in an ideal world).
Obviously we need to fix libXt. I'm actually quiet appalted that the X consortium introduced a new buffer overflow in XOpenDisplay in R6. Casper
Current thread:
- Re: Vulnerability in the Xt library Warner Losh (Aug 25)
- Re: Vulnerability in the Xt library Casper Dik (Aug 26)
- r00t advisory -- Sunny Day Virus Gregory Hull (Aug 26)
- r00t advisroy -- sol2.5 at(1) vunerability Gregory Hull (Aug 26)
- r00t advisory -- workman vunerability Gregory Hull (Aug 26)
- r00t advisory -- sol2.5 su(1M) vunerability Gregory Hull (Aug 26)
- SGI Security Advisory 19960802-01 - Vulnerability in expreserve SGI Security Coordinator (Aug 26)
- Privileges (was libresolv+ bug) Paul McNabb (Aug 26)
- [BUG] Vulnerability in PINE Sean B. Hamor (Aug 26)
- Tired of /tmp? Here's a proposed solution Igor Chudov @ home (Aug 26)
- Re: Tired of /tmp? Here's a proposed solution Guido M. Witmond (Aug 27)
- Re: Tired of /tmp? Here's a proposed solution Thomas Koenig (Aug 28)
- Tired of /tmp? Here's a proposed solution Igor Chudov @ home (Aug 26)