Bugtraq mailing list archives
Re: SunOS's xterm pb : again !
From: alx () black BGU AC IL (Alexander Haiut)
Date: Mon, 12 Dec 1994 19:51:10 +0200 (GMT+0200)
hello!
Using Sun's Openwin under SunOS4.1.3, I noticed that the /usr/openwin/bin/xterm wasn't setuid ROOT. It seems to be a good thing (remember the "xterm -lf" + file link bug ?).
heh... sun closed the xterm hole with minimal cost ?! ;)
When you launch an xterm, the system attaches a device to the xterm's shell. You can see this device by typing 'tty' in the xterm's window. OK. The pb is : Under SunOS, the terminal devices (/dev/ttyp?) are owned by root, with rights rw-rw-rw-. When you log on the machine, the login process changes the owner of the terminal, so the tty belongs to you, with minimum access rights. BUT when using an xterm, you don't have the permissions to change the owner and access rights of the newly allocated tty. So the device stays owned by root, WORLD READABLE and WORLD WRITEABLE !!!
I think you may try to fix that bug by compiling xterm without -lf option and install it suid. I found this bug (?) a few months ago, but just now found time to fix it; we're testing this now, and can send you results and src code of modified xterm after testing, in a few days.. :-)
I think this introduces a major security hole...
yes, 666 is not the best mode for tty.. :)
--alex.
Alexander L. Haiut
Dept. of Computer Science
Ben-Gurion University, Israel
_________________________________
e-mail : alx () cs bgu ac il
voice : +972-7-461658
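A check for the condition discussed in this message, added here as an example and not part of the original post or thread: it inspects the terminal device the current session is attached to (the one `tty` prints) and reports world access bits or an owner other than the session user. The function names `classify` and `audit_own_tty` are hypothetical.

```python
import os
import stat
import sys


def classify(mode, owner_uid, user_uid):
    """Return findings for one device, given its st_mode and st_uid."""
    if not stat.S_ISCHR(mode):
        return []  # terminals are character devices; ignore anything else
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    # Group write (e.g. mode 620 with a tty group) is not flagged here:
    # that is an assumption about local policy for write/talk.
    if owner_uid != user_uid:
        findings.append("not owned by session user")
    return findings


def audit_own_tty(fd=0):
    """Check the terminal attached to fd; None if fd is not a terminal."""
    if not os.isatty(fd):
        return None
    path = os.ttyname(fd)
    st = os.stat(path)
    findings = classify(st.st_mode, st.st_uid, os.getuid())
    return path, stat.filemode(st.st_mode), findings


if __name__ == "__main__":
    result = audit_own_tty()
    if result is None:
        sys.exit("stdin is not a terminal")
    path, mode, findings = result
    print(path, mode, ", ".join(findings) or "ok")
    sys.exit(1 if findings else 0)
```

Run it from inside the terminal emulator being checked; a non-zero exit status means the session's tty has at least one finding.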