Re: Solaris Xsun buffer overflow vulnerability

From: Alan Coopersmith (alancat_private)
Date: Wed Apr 11 2001 - 21:18:47 PDT

Next message: Thomas Roessler: "Re: flaw in RH ``mkpasswd'' command"

Previous message: Joey Hess: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Next in thread: Casper Dik: "Re: Solaris Xsun buffer overflow vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 11, 2001 at 08:47:36AM -0800, Leif Sawyer wrote:
> Don't have a Solaris 7 box to check.  Not sure why your Solaris 8 has
> a SUID Xsun install, either.

Xsun is setgid-root on Sparc, setuid-root on Intel.  (The set*id bits in
either case are only needed for people starting the server from the command
line via programs such as openwin & xinit.  If you use dtlogin or xdm to
start X, they run as root already so don't need set*id bits.)

________________________________________________________________________
Alan Coopersmith                              alancat_private
http://soar.Berkeley.EDU/~alanc/           aka: Alan.Coopersmithat_private
  Working for, but definitely not speaking for, Sun Microsystems, Inc.

Next message: Thomas Roessler: "Re: flaw in RH ``mkpasswd'' command"
Previous message: Joey Hess: "Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems"
Next in thread: Casper Dik: "Re: Solaris Xsun buffer overflow vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 03:10:16 PDT