Bugtraq mailing list archives
Re: Vulnerability in the Xt library
From: imp () village org (Warner Losh)
Date: Sun, 25 Aug 1996 22:06:07 -0600
: after all this is a pretty severe BUG, and the only way (i can see) to patch
: it is to get a new libXt... :(

Or fix xterm such that it doesn't need to be setuid. This usually involves hacking the kernel to have saner defaults than are present in the BSD kernel. If you could create a pseudo device that was owned by the user creating it, xterm wouldn't need to be setuid, if my look at the source and conversations I've had with others that understood xterm better than I.

This doesn't mean that one shouldn't fix libXt, just that xterm, although careful generally, shouldn't need to be setuid root (in an ideal world).

Warner

P.S. I'm sure I'll get flamed for not knowing the other cases that xterm needs to be root for, if they exist. Please be gentle, xterm isn't the easiest program to read :-(.
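The "pseudo device owned by the user creating it" idea from the message above, as an added example that is not part of the original post. It assumes a Linux system with the devpts filesystem mounted at /dev/pts (not the 1996 BSD kernel the post discusses), and the function name is hypothetical.

```c
/* Added example: allocate a pty as an ordinary user and check who owns
 * the slave node. Assumes Linux with devpts mounted at /dev/pts. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if the new slave device is owned by the calling user,
 * 0 if it is owned by someone else, -1 if no pty could be allocated.
 * On success 'path' holds the slave's name and '*mode' its permissions. */
int pty_slave_owned_by_caller(char *path, size_t pathlen, mode_t *mode)
{
    unsigned int num;   /* pty index assigned by the kernel */
    int unlock = 0;     /* 0 clears the lock on the slave side */
    struct stat st;
    int result = -1;

    /* Opening the multiplexer creates a fresh master/slave pair. */
    int master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (master < 0)
        return -1;

    if (ioctl(master, TIOCGPTN, &num) == 0 &&
        ioctl(master, TIOCSPTLCK, &unlock) == 0) {
        snprintf(path, pathlen, "/dev/pts/%u", num);
        /* The slave node exists only while the master is open. */
        if (stat(path, &st) == 0 && S_ISCHR(st.st_mode)) {
            if (mode)
                *mode = st.st_mode & 07777;
            result = (st.st_uid == getuid()) ? 1 : 0;
        }
    }
    close(master);
    return result;
}

int main(void)
{
    char path[64] = "";
    mode_t mode = 0;
    int r = pty_slave_owned_by_caller(path, sizeof path, &mode);

    printf("uid=%d euid=%d slave=%s mode=%04o owned_by_caller=%d\n",
           (int)getuid(), (int)geteuid(), path, (unsigned)mode, r);
    return r == 1 ? 0 : 1;
}
```

No chown or setuid bit is involved at any step; the ownership check is done from the same unprivileged process that opened the master.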