Bugtraq mailing list archives
not only NetBSD [was Re: X11R6 NetBSD Security Problem]
From: pavel () BUG UCW CZ (Pavel Machek)
Date: Fri, 26 Mar 1999 13:55:13 +0100
Hi!
If this has already been brought up, you have the right to stone me to death, but I haven't seen it and I've searched, so here it is: I was fooling around today, and decided to rm /tmp/.X11-unix and then make a symbolic link from a file to /tmp/.X11-unix and then startx. So I backed up /etc/passwd and ln -s /etc/passwd /tmp/.X11-unix and then startx'd as normal user account, but X wouldn't start, it complained and said "is not a directory". So, I made a symbolic link from /root to /tmp/.X11-unix, and startx'd as a normal user, and was surprised to have write access to /root.
I tried to reproduce on 2.2.4 linux using

XFree86 Version 3.3.2 / X Window System
(protocol Version 11, revision 0, vendor release 6300)
Release Date: March 2 1998
If the server is older than 6-12 months, or if your card is newer than the above date, look for a newer version before reporting problems. (see http://www.XFree86.Org/FAQ)

I'm not able to get write access to /etc, still I'm able to create file

srwxrwxrwx 1 root root 0 Mar 26 13:48 X0=

in previously unwritable directory. Bug, it seems.

[There was some talk about /tmp/.X11-unix directories, and I think that this problem might very well get _worse_ with new 3.3.3 release. Please check.]

Pavel
--
I'm really pavel () atrey karlin mff cuni cz. Pavel
Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).
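A defensive check for the condition described in this message, as an added example that is not part of the original post or of XFree86: before creating a socket under a shared directory, a privileged process can use lstat() to refuse a symlink or an unsafely owned directory. The function names, status codes and temporary paths are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum dir_status { DIR_OK, DIR_MISSING, DIR_SYMLINK, DIR_NOT_DIR,
                  DIR_BAD_OWNER, DIR_NOT_STICKY };

/* lstat() does not follow a symlink in the final path component, so a
 * link planted at `path` is reported as a link, not as its target. */
enum dir_status check_socket_dir(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0)   return DIR_MISSING;
    if (S_ISLNK(st.st_mode))     return DIR_SYMLINK;
    if (!S_ISDIR(st.st_mode))    return DIR_NOT_DIR;
    if (st.st_uid != owner)      return DIR_BAD_OWNER;
    if (!(st.st_mode & S_ISVTX)) return DIR_NOT_STICKY;
    return DIR_OK;
}

/* Constructed scenario in a private temp dir; all names are made up.
 * which: 0 = sticky dir, 1 = symlink to it, 2 = non-sticky dir, 3 = missing.
 * Returns the dir_status for that case, or -1 if setup failed. */
int demo_case(int which)
{
    char base[] = "/tmp/sockdir-demo-XXXXXX", good[64], lnk[64], plain[64], gone[64];
    const char *paths[4] = { good, lnk, plain, gone };
    int r;
    if (which < 0 || which > 3 || !mkdtemp(base)) return -1;
    snprintf(good, sizeof good, "%s/good", base);
    snprintf(lnk, sizeof lnk, "%s/link", base);
    snprintf(plain, sizeof plain, "%s/plain", base);
    snprintf(gone, sizeof gone, "%s/gone", base);
    if (mkdir(good, 0700) || chmod(good, 01777) ||   /* mode of a shared socket dir */
        mkdir(plain, 0755) || symlink(good, lnk)) return -1;
    r = (int)check_socket_dir(paths[which], geteuid());
    unlink(lnk); rmdir(plain); rmdir(good); rmdir(base);
    return r;
}

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("case %d -> status %d\n", i, demo_case(i));
    return 0;
}
```

In a real server the expected owner would be root (uid 0) rather than the caller's own uid, which the demo uses only so that it runs unprivileged. The check holds between lstat() and the later bind only when the directory is root-owned inside a sticky /tmp, because other users then cannot rename or replace it.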