Bugtraq mailing list archives

Re: libX11 overflow continued....


From: lamontg () HITL WASHINGTON EDU (Lamont Granquist)
Date: Fri, 30 May 1997 05:38:50 -0700


On Fri, 30 May 1997, David Hedley wrote:
> Set the environment variable XAPPLRESDIR to be your home directory (you
> will only have to do this if it is already pointing somewhere else, or
> you have set some of the other X resource environment variables like
> XUSERFILESEARCHPATH), and then run xterm. xterm will then segmentation
> fault/bus error etc.

Joe Zbiciak's wrapper almost protects against this.  It nukes XAPPLRESDIR,
XUSERFILESEARCHPATH and any environment variables that aren't in a small
set of approved ones (I had to add DISPLAY to this list).  The problem is
that xterm will still pick up ~/XTerm anyway on the machine I tested this
on (varies based on configuration?  anyone know offhand how to configure
it to not do this?). However, it does protect against, say ~/foobar/XTerm
with XAPPLRESDIR pointing to ~/foobar.

I tested this on an R5k O2 Irix 6.3.

Of course this probably just moves the buffer overflow into xrdb -merge,
(correct, David?)

--
Lamont Granquist <lamontg () hitl washington edu> (206)616-1469 fax:(206)543-5380
Human Interface Technology Lab.  University of Washington.  Seattle, WA
PGP pubkey: finger lamontg () near hitl washington edu
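
The environment filtering described in the message above (drop XAPPLRESDIR, XUSERFILESEARCHPATH and anything not on a short approved list, with DISPLAY added) looks like this in C. This is an added example, not Joe Zbiciak's wrapper or code from the thread; the allowlist entries other than DISPLAY, the value length cap, the exit code and the function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Assumed allowlist: only DISPLAY is named in the message; the rest are illustrative. */
static const char *const ALLOWED[] = { "DISPLAY", "TERM", "HOME", "LOGNAME", "USER", NULL };
#define MAX_VALUE_LEN 256   /* assumed cap on any value that is passed through */
extern char **environ;

/* Return 1 if entry is "NAME=value" with NAME on the allowlist and a bounded value. */
static int env_entry_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                              /* malformed: no '=' or empty name */
    size_t name_len = (size_t)(eq - entry);
    if (strlen(eq + 1) > MAX_VALUE_LEN)
        return 0;                              /* oversized value: drop, do not truncate */
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == name_len && strncmp(entry, ALLOWED[i], name_len) == 0)
            return 1;                          /* exact name match, no prefix matching */
    return 0;                                  /* XAPPLRESDIR, XUSERFILESEARCHPATH, ... */
}

/* Build a new NULL-terminated environment of allowed entries; NULL on allocation failure. */
static char **sanitize_env(char *const envp[])
{
    size_t n = 0, k = 0;
    while (envp[n] != NULL)
        n++;
    char **clean = calloc(n + 1, sizeof *clean);
    if (clean == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (env_entry_allowed(envp[i]))
            clean[k++] = envp[i];
    clean[k] = NULL;
    return clean;
}

int main(int argc, char *argv[])
{
    char **clean = sanitize_env(environ);
    if (argc < 2 || clean == NULL)
        return 111;                            /* fail closed: never exec unfiltered */
    execve(argv[1], &argv[1], clean);          /* argv[1]: full path of the wrapped program */
    perror("execve");
    return 111;
}
```

As the message points out, filtering the environment does not stop xterm from reading ~/XTerm, so a wrapper like this narrows the exposure rather than removing it.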


