Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: libX11
From: dholland () EECS HARVARD EDU (David Holland)
Date: Thu, 27 Feb 1997 22:55:00 -0500


So instead I wrote the following wrapper, and used it to wrap xload, xterm
and xconsole. My wrapper, and the SNI advisory, included below.

  Simplier workaround will be just to remove setuid bit. xterm won't
write utmp entries or capture console messages (no big loss),

If you don't make xterm setuid root it can't chown the tty, which is a
major security hazard itself.

--
   - David A. Holland             |    VINO project home page:
     dholland () eecs harvard edu    | http://www.eecs.harvard.edu/vino



  By Date           By Thread  

Current thread:
  • Re: libX11 Paul Szabo (Feb 27)
    • Re: libX11 Alex Belits (Feb 28)
      • Re: libX11 David Holland (Feb 28)
    • <Possible follow-ups>
    • Re: libX11 David Sacerdote (Feb 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]