[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CERT* VB-98.04: Vulnerabilities in xterm and Xaw

On Tue, Apr 28, 1998 at 05:12:22PM +0100, Mark Baker wrote:
> On Tue, Apr 28, 1998 at 05:57:55PM +0200, A Mennucc wrote:
> > > Vulnerabilities exist in the terminal emulator xterm(1), and the Xaw
> > > library distributed in various MIT X Consortium; X Consortium, Inc.;
> > > and The Open Group X Project Team releases. These vulnerabilities may
> > > be exploited by an intruder to gain root access. 
> > 
> > the only solutions seems to
> > 
> >   chmod 0755 `which xterm`
> Or to apply a patch that TOG sent to their members, but didn't think to do
> anything useful like include it in the alert itself. It's probably not free
> anyway :(
> Since a program as complicated as xterm is always likely to contain security
> problems, we probably should leave it un-suid anyway, even once we have
> patched it to fix the bugs mentioned.

Well, the reason xterm is setuid is because it needs privileged access to
the utmp file.  However, this is presently a problem under some
circumstances (see bug #20685).

XFree86 3.3.2-4 is shipping with an /etc/X11/XResources that sets
XTerm*utmpInhibit to true.  Is it the consensus of the project that xterm
should have its setuid removed until this bug (#20685) is fixed?

Let me know quickly (especially if any of you know any additional reason
xterm is setuid).  If I turn it off then I will want to do so for -5, which
I'd like to release within the next 24 hours.

G. Branden Robinson                 | Human beings rarely imagine a god that
Purdue University                   | behaves any better than a spoiled child.
branden@purdue.edu                  | -- Robert Heinlein
http://www.ecn.purdue.edu/~branden/ |

Attachment: pgpP8Q7xN_Me9.pgp
Description: PGP signature

Reply to: