Bugtraq mailing list archives

Re: hole in turbolinux 1.2 default xinitrc


From: sstone () UME PHT CO JP (Scott Stone)
Date: Wed, 6 May 1998 09:46:48 +0900


On Fri, 1 May 1998, Jeremy Brand wrote:

-----BEGIN PGP SIGNED MESSAGE-----


Anyone running X11 on a turbo linux 1.2 system (who has not modified
anything) is most likely affected.

I attempted to notify the author here first, but it bounced... so here you
go.

- -jeremy brand

Hm, well, I'm the TurboLinux guy.. I think the bug is specific to TL, it
probably doesn't affect RH (btw, TL 1.2 is NOT based on redhat 5... 1.0 is
sort of based on RH4.2, but 1.2 isn't really RH5 based...)

Anyway, just comment out the line to fix it.  I'll try to put an
updated xinitrc package soon to make a more 'permanent' fix.  Of course,
2.0 will have it fixed as well.

I'll check and see why 'sstone () turbolinux com' is bouncing, too.





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Prediction is very difficult, especially of the future.
                -- Niels Bohr
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  jbrand () willy wsc edu           http://kittynet.wsc.edu/~jbrand/PGP-KEY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- ---------- Forwarded message ----------
Date: Fri, 1 May 1998 11:21:55 -0500 (CDT)
From: Jeremy Brand <jbrand () willy wsc edu>
To: sstone () turbolinux com
Subject: hole in turbolinux 1.2 default xinitrc

Scott,

this appears to open up many holes on systems.  if it is needed to let
apps start up, i would recommend:

$ xhost +$HOSTNAME$DISPLAY

or in a pinch
$ xhost +localhost

or (my favorite)
not at all.

- ----
this is the default xinitrc on Turbolinux 1.2 systems.  anyone see a hole?
being that Turbolinux 1.2 is based on Red Hat 5, RH5 may have this hole
too.


Turbolinux 1.2
- --snip-- from /etc/X11/xinit/xinitrc
#START_STARTUP_APPS
xhost +
#END_STARTUP_APPS

thanks,
- -jeremy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                     Law of Software Envelopment:
``Every program attempts to expand until it can read mail.
 Those programs which cannot so expand are replaced by ones which can.''
                                 from Jamie Zawinski
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  jbrand () willy wsc edu           http://kittynet.wsc.edu/~jbrand/PGP-KEY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----


--------------------------------------------------
Scott M. Stone <sstone () pht com, sstone () turbolinux com>
               <sstone () pht co jp>
Linux Developer/Systems Administrator for Pacific HiTech, Inc.
http://www.pht.com              http://armadillo.pht.co.jp
http://www.pht.co.jp            http://www.turbolinux.com
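
An added example, not part of the original posts or of any TurboLinux package: a shell check that finds a bare `xhost +` line like the one quoted from /etc/X11/xinit/xinitrc and produces a copy with it commented out, the fix suggested above. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an xinitrc-style file for a bare "xhost +".
# Function names and the sample file below are constructed for illustration.

# Matches an uncommented command line that runs xhost (optionally by path)
# with a bare "+" argument, i.e. no host name after the plus sign.
# "xhost +localhost" and "# xhost +" do not match.
XHOST_OPEN_RE='^[[:space:]]*([^[:space:]#]*/)?xhost[[:space:]]+\+[[:space:]]*($|[;&#])'

# Print "line:text" for every offending line; exit status 0 if any was found.
find_open_xhost() {
    grep -nE "$XHOST_OPEN_RE" "$1"
}

# Write a copy of the file to stdout with offending lines commented out,
# which is the fix suggested in the thread.
comment_out_open_xhost() {
    sed -E "s@${XHOST_OPEN_RE}@# disabled: &@" "$1"
}

# Constructed sample modelled on the snippet quoted in the thread.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
#START_STARTUP_APPS
xhost +
#END_STARTUP_APPS
# xhost +
xhost +localhost
xhost +$HOSTNAME$DISPLAY
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "Lines that turn X access control off:"
find_open_xhost "$sample" || echo "(none)"
echo "Fixed copy:"
comment_out_open_xhost "$sample"
rm -f "$sample"
```
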


