Secure Coding mailing list archives
HNS - Biggest X Window security hole since 2000
From: mouse at Rodents.Montreal.QC.CA (der Mouse)
Date: Sun, 7 May 2006 01:04:00 -0400 (EDT)
The author claims, "This flaw, caused by something as seemingly harmless as a missing closing parenthesis, allowed local users to execute code with root
Certainly that part is OS-specific. On my VMS machine, X-windows processes do not run as root.
OS- and installation-specific. Neither the above nor the article says just which piece of X is responsible, but I don't think any X code runs as root on my (NetBSD) machines unless I specifically do so, such as starting a terminal emulator from a root shell.
So, it sounds like a single byte change in the entire X src tree could fix a bug that could give an attacker complete control of a system. Lovely...
And, of course, nobody ever bothers to say just what the problem was. Grrr. (Fortunately, I don't care, since I am running pre-X11R6.9.0 code, or I'd be trying to chase down the diff.)
/~\ The ASCII                             der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse at rodents.montreal.qc.ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B