hole in turbolinux 1.2 default xinitrc

From: Jeremy Brand (jbrandat_private)
Date: Fri May 01 1998 - 14:01:11 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    
    
    Anyone running X11 on a turbo linux 1.2 system (who has not modified
    anything) is most likely affected.
    
    I attempted to notify the author here first, but it bounced... so here you
    go.
    
    - -jeremy brand
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Prediction is very difficult, especially of the future.
                    -- Niels Bohr
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      jbrandat_private           http://kittynet.wsc.edu/~jbrand/PGP-KEY
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    - ---------- Forwarded message ----------
    Date: Fri, 1 May 1998 11:21:55 -0500 (CDT)
    From: Jeremy Brand <jbrandat_private>
    To: sstoneat_private
    Subject: hole in turbolinux 1.2 default xinitrc
    
    Scott,
    
    this appears to open up many holes on systems.  if it is needed to let
    apps start up, i would recommend:
    
    $ xhost +$HOSTNAME$DISPLAY
    
    or in a pinch
    $ xhost +localhost
    
    or (my favorite)
    not at all.
    
    - ----
    this is the default xinitrc on Turbolinux 1.2 systems.  anyone see a hole?
    being that Turbolinux 1.2 is based on Red Hat 5, RH5 may have this hole
    too.
    
    
    Turbolinux 1.2
    - --snip-- from /etc/X11/xinit/xinitrc
    #START_STARTUP_APPS
    xhost +
    #END_STARTUP_APPS
    
    thanks,
    - -jeremy
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                         Law of Software Envelopment:
    ``Every program attempts to expand until it can read mail.
     Those programs which cannot so expand are replaced by ones which can.''
                                     from Jamie Zawinski
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      jbrandat_private           http://kittynet.wsc.edu/~jbrand/PGP-KEY
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    
    
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    
    -----END PGP SIGNATURE-----
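
An audit for the setting the message describes, as an added example that is not part of the original post: it scans an X startup script and separates a bare `xhost +` (access control off for every host) from a grant scoped to one host such as `xhost +localhost`. The function name `audit_xinitrc` and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag X startup scripts that disable X server access control.

# audit_xinitrc FILE
# Prints one line per xhost grant found. Returns 1 if any line turns access
# control off entirely (bare "xhost +"), 0 otherwise.
audit_xinitrc() {
    awk '
    {
        sub(/#.*/, "")          # ignore comments
        gsub(/[;&|]/, " ")      # treat shell separators as whitespace
        for (i = 1; i <= NF; i++) {
            if ($i != "xhost" && $i !~ /\/xhost$/) continue
            arg = $(i + 1)
            if (arg == "+") {
                printf "%s:%d: OPEN   xhost + (any host may connect)\n", FILENAME, NR
                wide = 1
            } else if (arg ~ /^\+./) {
                printf "%s:%d: HOST   %s\n", FILENAME, NR, arg
            }
        }
    }
    END { exit wide + 0 }
    ' "$1"
}

# Constructed samples: the snippet quoted in the message, and a scoped variant.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '#START_STARTUP_APPS\nxhost +\n#END_STARTUP_APPS\n' > "$tmp/xinitrc.default"
printf '#START_STARTUP_APPS\nxhost +localhost\n#END_STARTUP_APPS\n' > "$tmp/xinitrc.scoped"

for f in "$tmp"/xinitrc.*; do
    if audit_xinitrc "$f"; then
        echo "$f: no wide-open grant"
    else
        echo "$f: access control disabled"
    fi
done
```

On a real system, point the function at `/etc/X11/xinit/xinitrc` and at each user's `~/.xinitrc`.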
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:52:03 PDT