Bugtraq mailing list archives
Re: libX11 overflow continued....
From: lamontg () HITL WASHINGTON EDU (Lamont Granquist)
Date: Fri, 30 May 1997 05:38:50 -0700
On Fri, 30 May 1997, David Hedley wrote:
Set the environment variable XAPPLRESDIR to be your home directory (you will only have to do this if it is already pointing somewhere else, or you have set some of the other X resource enviroment variables like XUSERFILESEARCHPATH), and then run xterm. xterm will then segmentation fault/bus error etc.
Joe Zbiciak's wrapper almost protects against this. It nukes XAPPLRESDIR, XUSERFILESEARCHPATH and any environment variables that aren't in a small set of approved ones (I had to add DISPLAY to this list). The problem is that xterm will still pick up ~/XTerm anyway on the machine I tested this on (varies based on configuration? anyone know offhand how to configure it to not do this?). However, it does protect against, say ~/foobar/XTerm with XAPPLRESDIR pointing to ~/foobar. I tested this on an R5k O2 Irix 6.3. Of course this probably just moves the buffer overflow into xrdb -merge, (correct, David?) -- Lamont Granquist <lamontg () hitl washington edu> (206)616-1469 fax:(206)543-5380 Human Interface Technology Lab. University of Washington. Seattle, WA PGP pubkey: finger lamontg () near hitl washington edu
Current thread:
- libX11 overflow continued.... David Hedley (May 29)
- Re: libX11 overflow continued.... Lamont Granquist (May 30)
- Re: libX11 overflow continued.... David Hedley (May 30)
- Re: libX11 overflow continued.... Roman Maeder (May 30)
- Re: libX11 overflow continued.... David Hedley (May 30)
- NIS+, Solaris 2.5.1 Anonymous (May 30)
- Re: NIS+, Solaris 2.5.1 Casper Dik (May 30)
- Re: libX11 overflow continued.... Lamont Granquist (May 30)