Bugtraq mailing list archives

Making xlock setuid root

From: srompf () TELEMATION DE (Stefan Rompf)
Date: Fri, 6 Nov 1998 10:18:51 +0100


At 02:41 05.11.98 -0400, Aaron Campbell wrote:

It's hard to tell how serious this is, but I'm sure it could be harmful in
some situations/environments. At any rate, a bug that should definitely be
fixed, especially since xlock is normally set-user-ID root.


Instead of making xlock and other programs that need access to /etc/shadow
setuid root, you can create a group named shadow, allow this group to read
the shadow file and make all those programs setgid shadow. So if someone
finds an exploit, all he can get is the shadow password file instead of
immediate root access.

This is nothing really new, I've tried it with xlock the first time in
1995, so I cannot understand why Unix distributions still ship with the
program setuid to root.

cu.. Stefan

 +--------------------------------------------------------------+
 | Customer: I'm using Windows '95.  Hotline: Ok, got that one. |
 | Customer: It's not working.  Hotline: You already said that. |
 +--------------------------------------------------------------+

Current thread:

Re: X11 cookie hijacker, (continued)
- - Re: X11 cookie hijacker Alan Cox (Nov 03)
  - Re: X11 cookie hijacker Olaf Kirch (Nov 05)
- [rootshell] Security Bulletin #25 Aleph One (Nov 03)
- Re: X11 cookie hijacker Willy TARREAU (Nov 04)
- Re: X11 cookie hijacker Casper Dik (Nov 04)
- Re: X11 cookie hijacker der Mouse (Nov 04)
  - Regarding the reported DOS against the internal interface of a WatchGuard Rapid Response (Nov 04)
  - IE 4.x does not appear to save custom security settings John Schultz (Nov 04)
  - Re: X11 cookie hijacker David Dawes (Nov 04)
  - xlock mishandles malformed .signature/.plan Aaron Campbell (Nov 04)
    - Making xlock setuid root Stefan Rompf (Nov 06)