Bugtraq mailing list archives
Re: safe logging xterm
From: pelc () fb3-s7 math tu-berlin de (Bogdan Pelc)
Date: Fri, 17 Mar 1995 10:13:58 +0100
"RB" == Robert Banz <banz () umbc edu> writes:
RB> On Tue, 14 Mar 1995, Adam Shostack wrote:
>> Margarita Suarez wrote:
>>
>> | we have modified xterm to make use of the POSIX saved id where possible;
>> | otherwise, it uses setreuid() to switch back and forth between user and
>> | superuser. we provide enable() and disable() functions which swap the
>> | euid and ruid so that the running xterm can give up root and take it
>> | back.
>>
>> | can anyone see a problem with this fix?
>>
>> Yes, it leaves setuid on a program that is way too large. Xterm tends
>> to be setuid so it can write to utmp. That's a bad reason to make a
>> large program setuid.

RB> Hm. Why not make utmp group "bob" writable, and make xterm setgid
RB> "bob"?

[... TEXT DELETED ...]

I've done it (and made

    chown root.utmp /dev/tty{p,q,r,s}
    chmod 662 /dev/tty{p,q,r,s}

(but I called this empty group utmp, not bob ;-))). You get problems, because:

1) xterm wants to call chown, but it is not possible unless it is SUID-root.

2) xterm does not chmod if chown failed, so the pseudo terminal (ttyp) has the following access rights:

    root system 666 /dev/ttyp?

   It should be:

    user system 622 /dev/ttyp

   (only write access for group and world).

3) Unless "mesg -n" is SUID-root, it cannot change the rights of ttyp, so everybody can read from your tty :-((

Under AIX 3.2.{4,5} there is a solution. You have to make

    chown root.utmp /dev/pts     (the slave of tty)

and everything works fine.

I've tried several ways to get around this problem on other UNIX types (BSD for example), but it did not work. My idea was to also make a USER named utmpusr and to make xterm SUID-utmpusr and chown utmpusr /dev/tty{p,q,r,s}*, but it didn't work either :-(( In this case the kernel was not able to free the ttyps after they were no longer in use.

____________________________________________________________________________
Bogdan Pelc; Sekr. 6-3, Ma666; Tel: 030-31425746, 030-31422491
pelc () math tu-berlin de
Do you realize that this world is totally FUGAZI, where are the poets,
where are the visionaries ... (FISH)
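As an added illustration, not code from this thread or from xterm, the following C program shows the two mechanisms discussed above: a check that tells the broken pty state Pelc observed ("root system 666", readable by everyone) apart from the expected one ("user system 622", owned by the session user with no group/other read bits), and an enable()/disable() pair in the POSIX saved-set-user-ID style that Suarez's message describes. The function names `pty_is_private`, `pty_problem`, `disable_root`, `enable_root` and `demo_on_tempfile` are my own; the temporary file the demo builds is constructed input standing in for a pty slave, not a real device.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if the pty slave at `path` is in the state Pelc calls correct:
 * owned by `owner` and with no group or world read bit (e.g. "user system
 * 622"). Return 0 for the broken state he observed ("root system 666",
 * readable by everyone) or for any other failure. Write bits for group
 * and world are deliberately allowed, so that write(1)/mesg(1) keep working. */
int pty_is_private(const char *path, uid_t owner)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return 0;
    if (st.st_uid != owner)
        return 0;                       /* the chown to the user never happened */
    if (st.st_mode & (S_IRGRP | S_IROTH))
        return 0;                       /* group or world can read the tty */
    return 1;
}

/* Same check, but returns a short diagnosis for a report. */
const char *pty_problem(const char *path, uid_t owner)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return "cannot stat";
    if (st.st_uid != owner)
        return "not owned by the session user (chown failed or was skipped)";
    if (st.st_mode & (S_IRGRP | S_IROTH))
        return "readable by group/world (no group/other read bit expected)";
    return "ok";
}

/* enable()/disable() in the saved-set-user-ID style Suarez describes.
 * After disable_root() the effective uid is the real user; enable_root()
 * can take root back only because the saved set-user-ID is still 0.
 * When the program is not set-uid root, disable_root() is a no-op and
 * enable_root() fails with EPERM, which is the behaviour we want. */
int disable_root(void)
{
    if (geteuid() != 0)
        return 0;                       /* nothing to give up */
    return seteuid(getuid());           /* 0 on success */
}

int enable_root(void)
{
    if (geteuid() == 0)
        return 0;
    return seteuid(0);                  /* succeeds only if saved uid is 0 */
}

/* Demo on constructed input: a temp file owned by us, first with the
 * broken mode 666, then with the expected mode 622. Returns 1 if both
 * checks behave as described in the thread, 0 otherwise. */
int demo_on_tempfile(void)
{
    char path[] = "/tmp/ptycheck.XXXXXX";   /* constructed stand-in for a pty */
    int ok = 1;
    int fd = mkstemp(path);
    if (fd < 0)
        return 0;
    if (chmod(path, 0666) != 0 || pty_is_private(path, getuid()) != 0)
        ok = 0;                         /* 666: must be flagged */
    if (chmod(path, 0622) != 0 || pty_is_private(path, getuid()) != 1)
        ok = 0;                         /* 622: must pass */
    if (pty_is_private(path, getuid() + 1) != 0)
        ok = 0;                         /* wrong owner: must be flagged */
    if (strcmp(pty_problem(path, getuid()), "ok") != 0)
        ok = 0;
    close(fd);
    unlink(path);
    return ok;
}

int main(int argc, char **argv)
{
    /* Usage: ./ptycheck /dev/ttyp0 /dev/pts/3 ...  (reports on each path) */
    if (argc < 2)
        return demo_on_tempfile() ? 0 : 1;
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], pty_problem(argv[i], getuid()));
    return 0;
}
```

Run without arguments it exercises the checks on a throwaway file; with device paths it prints one line per pty, so it can be pointed at a login session's tty to confirm whether the chown/chmod step Pelc describes actually happened.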
Current thread:
- STROBE 1.02, (continued)
- STROBE 1.02 Julian Assange (Mar 14)
- Re: STROBE 1.02 Neil Woods (Mar 22)
- Sgi Xauthority Strangeness Paul Danckaert (Mar 14)
- xdm and auth on Ultrix 4.4 Walter Zimmer (Mar 14)
- safe logging xterm Margarita Suarez (Mar 14)
- Re: safe logging xterm Adam Shostack (Mar 14)
- Re: safe logging xterm Robert Banz (Mar 16)
- Re: safe logging xterm Adam Shostack (Mar 16)
- Re: safe logging xterm Valdis.Kletnieks () vt edu (Mar 16)
- Re: safe logging xterm Robert M. Haas (Mar 16)
- Re: safe logging xterm Bogdan Pelc (Mar 17)
- Cancel Subscription TechnoInc () aol com (Mar 16)
- Re: Cancel Subscription Anonymous the XXIIV (Mar 16)
- Please help me get off this list Ivan Angus (Mar 17)
- Re: STROBE v1.01 Super Optimised TCP port surveyor Kurt Jaeger aka PI (Mar 13)
- Re: sigh. another Irix 5.2 hole. Dave Brookshire (Feb 23)