On Tue, 29 Feb 2000, Morten Welinder wrote: > Problem: when log files are enabled, they are created in the > following way (checking in XFree86 3.3.6 source; matches Solaris > binaries) and are subject to race conditions: XFree86 3.3.6 doesn't seem to be vulnerable by default - from xc/programs/xterm/misc.c: #ifdef ALLOWLOGGING /* * Logging is a security hole, since it allows a setuid program to write * arbitrary data to an arbitrary file. So it is disabled by default. */ Certainly I couldn't get xterm -l -lf foo to work for me at all. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe <forsytheat_private>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:38:33 PDT