Bugtraq mailing list archives
Re: hole in turbolinux 1.2 default xinitrc
From: sstone () UME PHT CO JP (Scott Stone)
Date: Wed, 6 May 1998 09:46:48 +0900
On Fri, 1 May 1998, Jeremy Brand wrote:
-----BEGIN PGP SIGNED MESSAGE----- Anyone running X11 on a turbo linux 1.2 system (who has not modified anything) is most likely affected. I attempted to notify the author here first, but it bounced... so here you go. - -jeremy brand
Hm, well, I'm the TurboLinux guy.. I think the bug is specific to TL, it probably doesn't affect RH (btw, TL 1.2 is NOT based on redhat 5... 1.0 is sort of based on RH4.2, but 1.2 isn't really RH5 based...) Anyway, just comment out the line to fix it. I'll try to put an updated xinitrc package soon to make a more 'permanent' fix. Of course, 2.0 will have it fixed as well. I'll check and see why 'sstone () turbolinux com' is bouncing, too.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Prediction is very difficult, especially of the future. -- Niels Bohr ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ jbrand () willy wsc edu http://kittynet.wsc.edu/~jbrand/PGP-KEY ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - ---------- Forwarded message ---------- Date: Fri, 1 May 1998 11:21:55 -0500 (CDT) From: Jeremy Brand <jbrand () willy wsc edu> To: sstone () turbolinux com Subject: hole in turbolinux 1.2 default xinitrc Scott, this appears to open up many holes on systems. if it is needed to let apps start up, i would recommend: $ xhost +$HOSTNAME$DISPLAY or in a pinch $ xhost +localhost or (my favorite) not at all. - ---- this is the default xinitrc on Turbolinux 1.2 systems. anyone see a hole? being that Turbolinux 1.2 is based on Red Hat 5, RH5 may have this hole too. Turbolinux 1.2 - --snip-- from /etc/X11/xinit/xinitrc #START_STARTUP_APPS xhost + #END_STARTUP_APPS thanks, - -jeremy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Law of Software Envelopment: ``Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can.'' from Jamie Zawinski ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ jbrand () willy wsc edu http://kittynet.wsc.edu/~jbrand/PGP-KEY ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBNUo4HkO2qj5xP0LdAQGHlwf9GrTy04xppPzV4Ym4tPqVm4NFkYjq/yob KDPSaYSiXDjNuFFt1iGess53+CodKTkqQEdfVFhxJpCU5maI9v40S6d6uEU19R0e x6AKGrSYB1lQIWSXrDpgl7++KvqvvvtWKfUI4Au0bBT9lI9zujITAy/RMxZrvFpE IhpEpj2rmf5amJ42PpcQoeqakiM25oGtTcbft6jZHWd5/5tPd3ZSeWxgKjijon0a i56WXzo/8cSHwlJIGpe2huRb1AXTMATYzW/HKDQD7KELzHBW4gZ78T5anYnyl0z9 NDaNZNEm4pKHi3OaMK8dEqf98iX8JhKwdDZmgyzXVB0QyFglsHT7lg== =LT7h -----END PGP SIGNATURE-----
-------------------------------------------------- Scott M. Stone <sstone () pht com, sstone () turbolinux com> <sstone () pht co jp> Linux Developer/Systems Administrator for Pacific HiTech, Inc. http://www.pht.com http://armadillo.pht.co.jp http://www.pht.co.jp http://www.turbolinux.com
Current thread:
- hole in turbolinux 1.2 default xinitrc Jeremy Brand (May 01)
- Re: hole in turbolinux 1.2 default xinitrc Alan Cox (May 01)
- SMB/RPC workbench code Greg Hoglund (May 05)
- Re: hole in turbolinux 1.2 default xinitrc (FIX) Scott Stone (May 05)
- TurboLinux 1.2 xinit hole - Fix #2 Scott Stone (May 05)
- Re: hole in turbolinux 1.2 default xinitrc Scott Stone (May 05)
- Re: hole in turbolinux 1.2 default xinitrc Alan Cox (May 01)