Bugtraq mailing list archives
Re: safe logging xterm
From: adam () bwh harvard edu (Adam Shostack)
Date: Tue, 14 Mar 1995 16:46:16 -0500 (EST)
Margarita Suarez wrote: | we have modified xterm to make use of the POSIX saved id where possible; | otherwise, it uses setreuid() to switch back and forth between user and | superuser. we provide enable() and disable() functions which swap the | euid and ruid so that the running xterm can give up root and take it | back. | can anyone see a problem with this fix? Yes, it leaves setuid on a program that is way too large. Xterm tends to be setuid so it can write to utmp. Thats a bad reason to make a large program setuid. Adam
Current thread:
- Re: STROBE v1.01 Super Optimised TCP port surveyor, (continued)
- Re: STROBE v1.01 Super Optimised TCP port surveyor John Studarus (Mar 12)
- Re: STROBE v1.01 Super Optimised TCP port surveyor Rodney Campbell (Mar 12)
- Re: STROBE v1.01 Super Optimised TCP port surveyor Scott D. Yelich (Mar 13)
- STROBE mirror Robert M. Haas (Mar 13)
- Re: STROBE mirror Michel Lavondes (Mar 14)
- STROBE 1.02 Julian Assange (Mar 14)
- Re: STROBE 1.02 Neil Woods (Mar 22)
- Sgi Xauthority Strangeness Paul Danckaert (Mar 14)
- xdm and auth on Ultrix 4.4 Walter Zimmer (Mar 14)
- safe logging xterm Margarita Suarez (Mar 14)
- Re: safe logging xterm Adam Shostack (Mar 14)
- Re: safe logging xterm Robert Banz (Mar 16)
- Re: safe logging xterm Adam Shostack (Mar 16)
- Re: safe logging xterm Valdis.Kletnieks () vt edu (Mar 16)
- Re: safe logging xterm Robert M. Haas (Mar 16)
- Re: safe logging xterm Bogdan Pelc (Mar 17)
- Cancel Subscription TechnoInc () aol com (Mar 16)
- Re: Cancel Subscription Anonymous the XXIIV (Mar 16)
- Please help me get off this list Ivan Angus (Mar 17)
- Re: STROBE v1.01 Super Optimised TCP port surveyor Kurt Jaeger aka PI (Mar 13)