Re: suid xterm

To: debian-devel@lists.debian.org
Subject: Re: suid xterm
From: Guy Maor <maor@ece.utexas.edu>
Date: 30 Mar 1998 02:02:23 -0800
Message-id: <[🔎] 87n2e81opc.fsf@1Cust120.max37.los-angeles.ca.ms.uu.net>
In-reply-to: Herbert Xu's message of "Mon, 30 Mar 1998 19:06:50 +1000"
References: <[🔎] 199803300906.TAA27919@gondor.apana.org.au>

Herbert Xu <herbert@gondor.apana.org.au> writes:

> In article <[🔎] 19980329231357.62680@beijing.itri.loyola.edu> you wrote:
> > Quick question: has there been a discussion of whether a setuid xterm is
> > a good idea? Is utmp logging worth the perennial xterm security holes?
> 
> Yes unless you're willing to let other people see what you type and what is
> displayed on your screen (oops, there goes my credit card number...)

Right.  Programs like xterm and rxvt are suid so they can chown your
pseudo tty, not so they can write to utmp.


Guy


--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: suid xterm
  - From: Mark Baker <mbaker@iee.org>

References:
- Re: suid xterm
  - From: Herbert Xu <herbert@gondor.apana.org.au>

Prev by Date: Re: Archive organization
Next by Date: Re: tcsh should be removed from hamm
Previous by thread: Re: suid xterm
Next by thread: Re: suid xterm
Index(es):
- Date
- Thread