Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: libX11

From: dholland () EECS HARVARD EDU (David Holland)
Date: Thu, 27 Feb 1997 22:55:00 -0500


So instead I wrote the following wrapper, and used it to wrap xload, xterm
and xconsole. My wrapper, and the SNI advisory, included below.


  Simplier workaround will be just to remove setuid bit. xterm won't
write utmp entries or capture console messages (no big loss),


If you don't make xterm setuid root it can't chown the tty, which is a
major security hazard itself.

--
   - David A. Holland             |    VINO project home page:
     dholland () eecs harvard edu    | http://www.eecs.harvard.edu/vino
Previous By Date Next
Previous By Thread Next

Current thread: