mailing list archives
Re: safe logging xterm
From: jfh () rpp386 cactus org (John F. Haugh II)
Date: Sun, 2 Apr 95 20:19:53 CDT
On Thu, 16 Mar 1995 17:42:07 EST, Robert Banz said:
On Tue, 14 Mar 1995, Adam Shostack wrote:
Yes, it leaves setuid on a program that is way too large. Xterm tends
to be setuid so it can write to utmp. Thats a bad reason to make a
large program setuid.
Hm. Why not make utmp group "bob" writable, and make xterm setgid "bob"?
Well.. mostly because the OTHER think xterm likes to be set-UID for is
so it can chown()/chmod() your pty so you own it so you can do things
like 'mesg n'... ;)
ObSecurityHole: AIX 3.2.5 and 4.1.2 /bin/mesg, /bin/write, and friends
still don't do the set-GID tty thing from BSD 4.2, so if you run 'mesg
y' your terminal is mode 644 and anybody can scribble on it, rather
than the nicer BSD way of setting it to mode 640 and things that were
set-GID tty could scribble on it, after filtering any inappropriate
control characters out, etc...
It aint news to IBM - I filed a bug report against AIX/370 for this back
in 1990 or so. *sigh*.
AIX v3 gets its TTY protection scheme from v2 and the /etc/ports file. In
v3 the data is moved into the ODM and poorly documented. You can change
the default login permissions to something other than 622 and if you have
the correct support agreement, I believe the nice folks in Austin will even
send you the unobfuscated information.
Please note that there is not universal agreement on BSD 4.2's scheme. My
SVR4 system don't work that way and I want to insist that none of the
pre-SVR4 USG based systems don't either. This really is a BSD thing.
John F. Haugh II [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ] @'s: jfh () rpp386 cactus org
- Re: safe logging xterm John F. Haugh II (Apr 03)