Bugtraq mailing list archives
Re: safe logging xterm
From: jfh () rpp386 cactus org (John F. Haugh II)
Date: Sun, 2 Apr 95 20:19:53 CDT
On Thu, 16 Mar 1995 17:42:07 EST, Robert Banz said:
On Tue, 14 Mar 1995, Adam Shostack wrote:

Yes, it leaves setuid on a program that is way too large. Xterm tends to be setuid so it can write to utmp. That's a bad reason to make a large program setuid.

Hm. Why not make utmp group "bob" writable, and make xterm setgid "bob"?

Well.. mostly because the OTHER thing xterm likes to be set-UID for is so it can chown()/chmod() your pty so you own it so you can do things like 'mesg n'... ;)

ObSecurityHole: AIX 3.2.5 and 4.1.2 /bin/mesg, /bin/write, and friends still don't do the set-GID tty thing from BSD 4.2, so if you run 'mesg y' your terminal is mode 644 and anybody can scribble on it, rather than the nicer BSD way of setting it to mode 640 and things that were set-GID tty could scribble on it, after filtering any inappropriate control characters out, etc...

It ain't news to IBM - I filed a bug report against AIX/370 for this back in 1990 or so. *sigh*.

AIX v3 gets its TTY protection scheme from v2 and the /etc/ports file. In v3 the data is moved into the ODM and poorly documented. You can change the default login permissions to something other than 622 and if you have the correct support agreement, I believe the nice folks in Austin will even send you the unobfuscated information.

Please note that there is not universal agreement on BSD 4.2's scheme. My SVR4 system doesn't work that way and I want to insist that none of the pre-SVR4 USG based systems do either. This really is a BSD thing.

-- 
John F. Haugh II [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ] @'s: jfh () rpp386 cactus org
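
Added example, not part of the original message: a Python audit that classifies terminal device nodes by who besides the owner can write to them, separating the world-writable case (as with the 622 default mentioned above) from group write restricted to a dedicated group as in the BSD scheme. The group name "tty" and the /dev/pts path are assumptions, and demo() runs on constructed stand-in files.

```python
import glob
import grp
import os
import stat
import tempfile


def classify_tty(path, tty_gid=None):
    """Report who, besides the owner, can write to a terminal device node."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        return "world-writable"   # any local user can write to the terminal
    if mode & stat.S_IWGRP:
        if tty_gid is not None and st.st_gid == tty_gid:
            return "group-tty"    # only programs running set-GID to that group
        return "group-writable"   # group write, but not the dedicated group
    return "owner-only"           # the state 'mesg n' leaves behind


def lookup_gid(name="tty"):
    """Return the gid of the dedicated group (name is an assumption), or None."""
    try:
        return grp.getgrnam(name).gr_gid
    except KeyError:
        return None


def demo():
    """Classify constructed stand-in files; real terminals live under /dev."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for mode in (0o622, 0o620, 0o600):   # constructed sample modes
            path = os.path.join(d, "tty%o" % mode)
            open(path, "w").close()
            os.chmod(path, mode)
            own_gid = os.stat(path).st_gid   # stands in for the tty group
            results[mode] = (classify_tty(path, own_gid),
                             classify_tty(path, own_gid + 1))
    return results


if __name__ == "__main__":
    gid = lookup_gid()
    for dev in sorted(glob.glob("/dev/pts/[0-9]*")):   # path is an assumption
        print(dev, classify_tty(dev, gid))
```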