Bugtraq mailing list archives

Re: SunOS's xterm pb : again !


From: alx () black BGU AC IL (Alexander Haiut)
Date: Mon, 12 Dec 1994 19:51:10 +0200 (GMT+0200)


        hello!

Using Sun's Openwin under SunOS4.1.3, I noticed that the
/usr/openwin/bin/xterm wasn't setuid ROOT. It seems to be a
good thing (remember the "xterm -lf" + file link bug ?).

        heh... sun closed the xterm hole with minimal cost ?! ;)

When you launch an xterm, the system attaches a device to the
xterm's shell. You can see this device by typing 'tty' in the xterm's
window. OK.

The pb is : Under SunOS, the terminal devices (/dev/ttyp?) are
owned by root, with rights rw-rw-rw-. When you log on the machine,
the login process changes the owner of the terminal, so the tty
belongs to you, with minimum access rights. BUT when using an xterm,
you don't have the permissions to change the owner and access rights
of the newly allocated tty. So the device stays owned by root,
WORLD READABLE and WORLD WRITEABLE !!!

        i think you may try to fix that bug by compiling xterm
        without -lf option and install it suid.

        i found this bug (?) a few months ago, but just now found
        time to fix it; we're testing this now, and can send you
        results and src code of modified xterm after testing, in
        a few days.. :-)

I think this introduces a major security hole...

        yes, 666 is not the best mode for tty.. :)

                                        --alex.

  Alexander L. Haiut
  Dept. of Computer Science
  Ben-Gurion University, Israel
 _________________________________
  e-mail : alx () cs bgu ac il
  voice  : +972-7-461658
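
An audit check for the condition discussed in the message above, added here as an example; it is not part of the original post and is not the modified xterm the author mentions. The function name `audit_ttys`, its parameters and the `require_chr` switch are assumptions made for illustration; the default `/dev/ttyp?` pattern is the one named in the message.

```python
import glob
import os
import stat

# The "other" read/write bits: the trailing rw- in rw-rw-rw-
WORLD_BITS = stat.S_IROTH | stat.S_IWOTH


def audit_ttys(dev_dir="/dev", pattern="ttyp?", require_chr=True):
    """Report terminal devices that other users can read or write.

    require_chr=False is a hypothetical switch that lets the same check
    run over ordinary files in a scratch directory, so it can be tried
    without root and without real devices.
    """
    findings = []
    for path in sorted(glob.glob(os.path.join(dev_dir, pattern))):
        try:
            st = os.lstat(path)
        except OSError:
            continue  # entry disappeared between listing and stat
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits say nothing about the device
        if require_chr and not stat.S_ISCHR(st.st_mode):
            continue  # only character devices are terminals
        exposed = st.st_mode & WORLD_BITS
        if not exposed:
            continue
        findings.append({
            "path": path,
            "mode": stat.filemode(st.st_mode),
            "owner_uid": st.st_uid,  # uid 0 matches the "stays owned by root" case
            "world_readable": bool(exposed & stat.S_IROTH),
            "world_writable": bool(exposed & stat.S_IWOTH),
        })
    return findings


if __name__ == "__main__":
    for f in audit_ttys():
        print("{path} {mode} uid={owner_uid}".format(**f))
```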


