Re: xterm log file vulnerability

From: Kris Kennaway (krisat_private)
Date: Wed Mar 01 2000 - 01:37:18 PST

    On Tue, 29 Feb 2000, Morten Welinder wrote:
    
    > Problem: when log files are enabled, they are created in the
    > following way (checking in XFree86 3.3.6 source; matches Solaris
    > binaries) and are subject to race conditions:
    
    XFree86 3.3.6 doesn't seem to be vulnerable by default - from
    xc/programs/xterm/misc.c:
    
    #ifdef ALLOWLOGGING
    
    /*
     * Logging is a security hole, since it allows a setuid program to write
     * arbitrary data to an arbitrary file.  So it is disabled by default.
     */
    
    Certainly I couldn't get xterm -l -lf foo to work for me at all.
    
    Kris
    
    ----
    In God we Trust -- all others must submit an X.509 certificate.
        -- Charles Forsythe <forsytheat_private>
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:38:33 PDT