Re: suid xterm
Guy Maor <maor@ece.utexas.edu> writes:
> Herbert Xu <herbert@gondor.apana.org.au> writes:
>
> > In article <19980329231357.62680@beijing.itri.loyola.edu> you wrote:
> > > Quick question: has there been a discussion of whether a setuid xterm is
> > > a good idea? Is utmp logging worth the perennial xterm security holes?
> >
> > Yes unless you're willing to let other people see what you type and what is
> > displayed on your screen (oops, there goes my credit card number...)
>
> Right. Programs like xterm and rxvt are suid so they can chown your
> pseudo tty, not so they can write to utmp.
Yes. But the current xterm (from xbase-3.2.2-2) fails to handle utmp
correctly anyway. It is setuid root, but drops root privs after
writing a utmp entry and doing the pty allocation. This means it
can't mark the utmp entry it created as DEAD_PROCESS, so leaving crud
in the utmp file. It also fails to write wtmp entries - but then the
version in Debian-1.3.1 didn't either. The xterm in xbase-3.2-6
correctly handles utmp because it doesn't drop its privs.
I've filed a bug report against xbase with the full details.
Austin
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: