
Re: CERT* VB-98.04: Vulnerabilities in xterm and Xaw



On Tue, Apr 28, 1998 at 12:45:33PM -0500, Branden Robinson wrote:

> Well, the reason xterm is setuid is because it needs
> privileged access to the utmp file.  However, this is
> presently a problem under some circumstances (see bug
> #20685).

It's not the only reason: XTerm needs to be suid root to
adjust the permissions on the pseudo terminal's slave
device (/dev/ttyp*).  Without root having xterm suid root,
_any_ user on the system may send arbitrary data to xterm.
This may permit reprogramming some keyboard settings.

So, plainly, xterm is a security risk with or without the
suid root bit.  As a solution, we need a wrapper which
does pty allocation and starts a kind of "client" xterm with
user privileges.  (Or we need glibc-2.1 and linux 2.1
where non-privileged programs can do proper pty
allocation. ;-)

tlr
-- 
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
     2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1

