
a good solution to the libXt problem (really)



After investigating the Xt bug more thoroughly, I modify my previous
suggestion.

The Xt bug is only a security hole when a program is setuid or
setgid.  Obviously setuid or setgid root programs are the most serious.
A quick examination in my /usr/X11R6/bin directory shows the following
programs which are problematic:

xterm
xterm.mono
X
xload
xterm_color

X doesn't matter.

As I remember it, xterm sometimes needs setuid root so that it can
modify /var/run/utmp.  If utmp cannot be written, then xterm will
still run, but utmp will not be updated.  The program "who" uses
utmp.  The program which I have installed as /usr/X11R6/bin/xterm does
not need to be setuid root.  It will run fine and update utmp as 755.
I believe that this xterm is from the xbase package.
xterm-color and xterm-mono from the xterm-color package will not
update utmp if they are 755.

xload, from xcontrib, works fine if it is installed as 755.  It also
does not need to be installed setuid.  For xload, setuid is a hack
useful for some operating systems which need special permissions to
read the load.  This is not necessary on Linux.

In order to release the 3.1 X packages as part of Debian-1.2, I
suggest that we make the following changes:

1.  In the xbase package, the permission of xterm should be set to
755.  This xterm will work fine.

2.  In the xcolor package, change the permission of the 2 xterm
programs to 755.  A bug should be filed against the package that xterm
does not modify utmp.  This is not a show stopper.

3.  In the xcontrib package, the permission of xload should be changed
to 755.

libXt will still have a bug.  Other setuid programs which use libXt
are a potential hole.  Very few programs should be setuid root
anyway.  All of our really important programs will avoid security
issues because of this bug.  They may still crash, but this is
acceptable for the Debian-1.2 release.

Have I missed any setuid programs which use libXt?

I apologize for cc'ing people, but this is an important issue.  I'll
try not to do it again.
-- 
kevin
kevin@aimnet.com

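The message above answers its own closing question by eyeballing /usr/X11R6/bin. The script below is an added example (it is not part of kevin's message or of any Debian package) that does that check mechanically: it lists the setuid/setgid regular files under a directory, keeps the ones whose ELF dependencies name libXt, and offers a helper that clears the setuid/setgid bits the way the message proposes. It assumes a POSIX shell with find(1), chmod(1) and a grep(1) that accepts -a (GNU and BSD grep both do); readelf(1) from binutils is used when present and is otherwise skipped. ldd(1) is deliberately not used: it hands the file to the dynamic loader, which can run code from the binary, and that is not something to do to a setuid program you do not yet trust.

```shell
#!/bin/sh
# Added example, not from the message above.  Find setuid/setgid programs under a
# directory that are linked against libXt, then (optionally) strip the bits.
# Assumed tools: POSIX find/grep/chmod, grep -a, and readelf(1) when available.

# needs_libxt FILE: succeed if FILE declares a libXt shared object as a dependency.
needs_libxt() {
    f=$1
    # Preferred path: read the DT_NEEDED entries from the ELF dynamic section
    # without executing anything from the file.
    if command -v readelf >/dev/null 2>&1 && deps=$(readelf -d "$f" 2>/dev/null); then
        printf '%s\n' "$deps" | grep -q 'NEEDED.*libXt\.so' && return 0
        return 1
    fi
    # Fallback (no readelf, or not an ELF file): the .dynstr table is stored as
    # plain text inside the binary, so a binary-safe grep for the soname works.
    grep -a -q 'libXt\.so' "$f" && return 0
    return 1
}

# setuid_libxt [DIR]: print, one per line, every regular file under DIR with the
# setuid or setgid bit set that depends on libXt.  DIR defaults to /usr/X11R6/bin,
# the directory examined in the message.
setuid_libxt() {
    dir=${1:-/usr/X11R6/bin}
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        if needs_libxt "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# strip_setuid FILE...: show the current mode, then clear setuid and setgid so a
# 4755 or 2755 program becomes 755 without touching its other permission bits.
strip_setuid() {
    for f in "$@"; do
        ls -ld "$f"
        chmod ug-s "$f"
    done
}

# Usage: sh find_setuid_libxt.sh [DIR]   (report only; feed the paths it prints
# to strip_setuid once you have decided, as the message does, that they do not
# actually need the bit).
setuid_libxt "$@"
```

Run it against /usr/X11R6/bin and compare the output with the five programs listed in the message; anything extra is a candidate for the same treatment, and anything that genuinely needs root (the message's utmp case) is the place to file a bug rather than to leave the bit in place.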
