Bugtraq mailing list archives
Re: safe logging xterm
From: rhaas () cygnus arc nasa gov (Robert M. Haas)
Date: Thu, 16 Mar 1995 23:13:54 -0800
Yes, it leaves setuid on a program that is way too large. Xterm tends to be setuid so it can write to utmp. That's a bad reason to make a large program setuid.
Hm. Why not make utmp group "bob" writable, and make xterm setgid "bob"?
Doesn't xterm also need to chown() some devices to the user logging in? It seems that xterm should only need root on startup and exit, though. If someone wrote a wrapper to take care of the stuff that xterm does on exit, (which could be small and setuid) then xterm could just exec() that when it exited. Of course the wrapper would need to be reasonably smart about not letting people remove themselves from utmp who weren't really logging out. Maybe it could refuse to run if there were any processes who had that tty as their controlling terminal other than itself? Just a thought.
...Robert
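The check suggested in the message above (refuse to touch utmp while any other process still has the tty as its controlling terminal), sketched as an added example that is not part of the original post. It assumes a Linux-style `/proc/<pid>/stat` line format; `parse_stat`, `may_clear_utmp` and the sample lines are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

/* Assumed Linux /proc/<pid>/stat layout: pid (comm) state ppid pgrp session tty_nr ...
   comm may contain spaces and ')', so fields are read after the LAST ')'. */
int parse_stat(const char *line, int *pid, int *tty_nr)
{
    char state;
    int ppid, pgrp, session;
    const char *rp = strrchr(line, ')');

    if (rp == NULL || sscanf(line, "%d (", pid) != 1)
        return -1;                       /* malformed line */
    if (sscanf(rp + 1, " %c %d %d %d %d", &state, &ppid, &pgrp, &session, tty_nr) != 5)
        return -1;
    return 0;
}

/* Hypothetical wrapper policy: return 1 only if no process other than self_pid
   has tty_nr as its controlling terminal. Fails closed (0) on unparseable input. */
int may_clear_utmp(const char *const *lines, size_t n, int tty_nr, int self_pid)
{
    for (size_t i = 0; i < n; i++) {
        int pid, tty;
        if (parse_stat(lines[i], &pid, &tty) != 0)
            return 0;
        if (tty == tty_nr && pid != self_pid)
            return 0;
    }
    return 1;
}

/* Constructed sample lines, truncated after tpgid. 34817 encodes pts/1 (major 136, minor 1). */
const char *const BUSY[] = {
    "4100 (wrapper) R 4000 4100 4000 34817 4100",
    "4000 (bash) S 3990 4000 4000 34817 4100",   /* shell still on the tty */
    "4200 (odd) name) S 1 4200 4200 0 -1",       /* ')' inside comm, no tty */
};
const char *const IDLE[] = {
    "4100 (wrapper) R 1 4100 4100 34817 4100",
    "4300 (vi) S 1 4300 4300 34818 4300",        /* different terminal */
};

int main(void)
{
    printf("busy tty: %d\n", may_clear_utmp(BUSY, 3, 34817, 4100));
    printf("idle tty: %d\n", may_clear_utmp(IDLE, 2, 34817, 4100));
    return 0;
}
```

A real wrapper would read these lines from `/proc` itself, and the check is still racy: a process can acquire the tty between the scan and the utmp update.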