Bugtraq mailing list archives

Re: XDM bug


From: abelits () phobos illtel denver co us (Alex Belits)
Date: Fri, 3 Jan 1997 18:06:40 -0800


On Fri, 3 Jan 1997, jamie wrote:

:On Thu, 2 Jan 1997, Angel Ortiz wrote:
:[...]
:> System: UNIX Ware systems with X
:>
:> Symptom:
:> /usr/X/bin/xdm is setuid
:[...]
:> Any way, please verify xdm setuid on your systems and please let the
:> bugtraq news group know if it exists on other systems.

:BSDi 2.1 is also not vulnerable. Even if it was suid, this problem can
:be (briefly) alleviated by popping it in your respective /etc/rc.* file as
:opposed to starting it as a user.


  And what is the reason to start xdm as user? I can understand why some
perverted minds may want a setuid X server (not that I think it's any
smart), but xdm? The user will still get the login box anyway, and there
won't be a way to stop xdm unless it remains attached to the terminal
(which is insecure)... xdm is a server other users may depend on, and if
there are no other possible users, there won't be any need to start xdm
manually anyway.  It's the same as, say, having a setuid root inetd that
won't be started by the startup script and will be used by regular users
to enable network services. Or a setuid root ftpd, so users will be able
to enable FTP access... Or httpd... Or sendm... Oops, this one exists,
even though the only thing it needs to do as root is listen on its port 25
and setuid to users to write mailboxes, which could be safely done by a
separate small program, always running as root, but this is a separate
issue.
--
Alex
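The check the thread asks for ("verify xdm setuid on your systems"), written out as an added example that is not part of any post in the thread: a POSIX sh function that reports which of the given daemon binaries carry a setuid or setgid bit. The candidate paths passed to it are assumptions; use the ones your system actually installs.

```shell
# Report daemon binaries that carry the setuid or setgid bit.
# Prints one line per offending file; returns 0 when every existing
# path is clean, 1 when at least one is setuid/setgid.
# Example: audit_setuid_daemons /usr/X/bin/xdm /usr/X11R6/bin/xdm /usr/sbin/inetd
audit_setuid_daemons() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue   # not installed here; nothing to check
        # -prune keeps find from descending if $f happens to be a directory;
        # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
        if [ -n "$(find "$f" -prune \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null)" ]; then
            # Show the mode string (first 10 columns of ls -l) beside the path.
            echo "SETUID/SETGID: $f ($(ls -ld "$f" | cut -c1-10))"
            rc=1
        fi
    done
    return $rc
}
```

Run it from the startup scripts or a cron job and treat any output as a finding; a daemon that is started by /etc/rc.* as root has no reason to carry the bit.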
