Bugtraq mailing list archives
Re: Possible bufferoverflow condition in lpr, xterm and xload
From: shipley () dis org (Evil Pete)
Date: Sun, 18 Aug 1996 13:28:22 -0700
How about the real solution to the xterm woes:
1. Make utmp and wtmp owned by user root, group (say) acctg, and mode 664.
2. instead of setuiding xterm as root, make it setgid acctg.
This way the worst consequence of hacking xterm would be compromise of
accounting files, but not the root user.
Is there anything else that xterm needs to do as root besides updating
{w|u}tmp? I don't think so, I made a copy in mode 755 and it worked
fine with -ut option.
chown your tty
Current thread:
- Re: libresolv+ bug, (continued)
- Re: libresolv+ bug Brian Mitchell (Aug 19)
- Re: libresolv+ bug David Holland (Aug 19)
- Re: libresolv+ bug Alan Cox (Aug 19)
- Re: libresolv+ bug Steve Czetty (Aug 19)
- real time decode of tcpdump output Michael Ryan (Aug 19)
- WU.FTPD vulnerability: gnu tar possibly others Alan Cox (Aug 19)
- Re: WU.FTPD vulnerability: gnu tar possibly others Pedro Melo (Aug 19)
- Re: WU.FTPD vulnerability: gnu tar possibly others Christian Limpach (Aug 19)
- SECURITY FIX/UPDATE: anonftp Elliot Lee (Aug 19)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Igor Chudov @ home (Aug 18)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Evil Pete (Aug 18)
- CERT Advisory CA-96.18 - Vulnerability in fm_fls CERT Advisory (Aug 14)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Ficus Kirkpatrick (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Alexander O. Yuriev (Aug 14)
- Tracking tools? David Miller (Aug 14)
- Re: Tracking tools? Gene Titus (Aug 15)
- Re: Tracking tools? neill (Aug 15)
- Re: Tracking tools? Tracy R. Reed (Aug 15)
- SGI Security Advisory 19960801-01-PX, SGI Security Coordinator (Aug 17)
- CERT Advisory CA-96.19 - Vulnerability in expreserve Pete Ashdown (Aug 15)
- Re: CERT Advisory CA-96.19 - Vulnerability in expreserve Casper Dik (Aug 18)