Re: suid xterm
Guy Maor <firstname.lastname@example.org> writes:
> Herbert Xu <email@example.com> writes:
> > In article <firstname.lastname@example.org> you wrote:
> > > Quick question: has there been a discussion of whether a setuid xterm is
> > > a good idea? Is utmp logging worth the perennial xterm security holes?
> > Yes unless you're willing to let other people see what you type and what is
> > displayed on your screen (oops, there goes my credit card number...)
> Right. Programs like xterm and rxvt are suid so they can chown your
> pseudo tty, not so they can write to utmp.
Yes. But the current xterm (from xbase-3.2.2-2) fails to handle utmp
correctly anyway. It is setuid root, but drops root privs after
writing a utmp entry and doing the pty allocation. This means it
can't mark the utmp entry it created as DEAD_PROCESS, so leaving crud
in the utmp file. It also fails to write wtmp entries - but then the
version in Debian-1.3.1 didn't either. The xterm in xbase-3.2-6
correctly handles utmp because it doesn't drop its privs.
I've filed a bug report against xbase with the full details.
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org