Date: Mon, 16 Sep 1996 21:15:37 +0000 () From: David Nugent <davidn@sdev.blaze.net.au> To: Jim Riffle <rif@ns.kconline.com> Cc: questions@freebsd.org Subject: Re: invisible with xterm Message-ID: <Pine.BSF.3.95.960916211153.26157O-100000@sdev.blaze.net.au> In-Reply-To: <Pine.BSI.3.95.960916035100.10469A-100000@ns.kconline.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 16 Sep 1996, Jim Riffle wrote: >One day, after hearing of the possible vunorability of xterm, I >decided to take the suid bit off of it just in case. Just the >other day, I knowticed something peculiar happening with it now. >If I start up an xterm, I am invisible. Which I am invisible, >everything works fine, as I can do everything I could do before. Without the setuid bit, xterm can't modify /usr/run/utmp, which it needs to in order to be seen by 'w' and other utmp sniffers. >I realize I could fix this by putting the suid bit back on, but >what will stop say any user just compiling xterm themselves and >becoming invisible? 'invisible' to 'w'. But all processes are still perfectly visible. Depends entirely on where you get your information. >So, is this some sort of a bug, or just something that is going >to happen? The latter. It isn't a bug if you have a misconfigured system (ie. no setuid bit on xterm). :-) >Also, has anyone ever found out of there is any vunorabilities >with xterm? I was following that thread, but don't recall it >ever being resolved. I'm not aware of any, which does not mean that there isn't one. Certainly xterm vulnerabilities have been discovered (and fixed) in the past. Regards, David David Nugent, Unique Computing Pty Ltd - Melbourne, Australia Voice +61-3-791-9547 Data/BBS +61-3-792-3507 3:632/348@fidonet davidn@blaze.net.au http://www.blaze.net.au/~david
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.960916211153.26157O-100000>