Secure Coding mailing list archives

HNS - Biggest X Window security hole since 2000

From: mouse at Rodents.Montreal.QC.CA (der Mouse)
Date: Sun, 7 May 2006 01:04:00 -0400 (EDT)

The author claims, "This flaw, caused by something as seemingly
harmless as a missing closing parenthesis, allowed local users to
execute code with root

Certainly that part is OS-specific.  On my VMS machine, X-windows
processes do not run as root.


OS- and installation-specific.  Neither the above nor the article says
just which piece of X is responsible, but I don't think any X code runs
as root on my (NetBSD) machines unless I specifically do so, such as
starting a terminal emulator from a root shell.

So, it sounds like a single byte change in the entire X src tree
could fix a bug that could give an attacker complete control of a
system.  Lovely...


And, of course, nobody ever bothers to say just what the problem was.
Grrr.  (Fortunately, I don't care, since I am running pre-X11R6.9.0
code, or I'd be trying to chase down the diff.)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse at rodents.montreal.qc.ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Current thread:

HNS - Biggest X Window security hole since 2000 Kenneth R. van Wyk (May 04)
- HNS - Biggest X Window security hole since 2000 Gadi Evron (May 04)
  - HNS - Biggest X Window security hole since 2000 Kenneth R. van Wyk (May 04)
    - HNS - Biggest X Window security hole since 2000 Greenarrow 1 (May 04)
- HNS - Biggest X Window security hole since 2000 ljknews (May 05)
  - HNS - Biggest X Window security hole since 2000 der Mouse (May 06)
    - HNS - Biggest X Window security hole since 2000 Robert C. Seacord (May 08)
    - HNS - Biggest X Window security hole since 2000 Tim Hollebeek (May 08)
  - HNS - Biggest X Window security hole since 2000 Florian Weimer (May 07)