Home page logo
/

bugtraq logo Bugtraq mailing list archives

hole in turbolinux 1.2 default xinitrc
From: jbrand () WILLY WSC EDU (Jeremy Brand)
Date: Fri, 1 May 1998 16:01:11 -0500


-----BEGIN PGP SIGNED MESSAGE-----


Anyone running X11 on a turbo linux 1.2 system (who has not modified
anything) is most likely affected.

I attempted to notify the author here first, but it bounced... so here you
go.

- -jeremy brand

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Prediction is very difficult, especially of the future.
                -- Niels Bohr
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  jbrand () willy wsc edu           http://kittynet.wsc.edu/~jbrand/PGP-KEY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- ---------- Forwarded message ----------
Date: Fri, 1 May 1998 11:21:55 -0500 (CDT)
From: Jeremy Brand <jbrand () willy wsc edu>
To: sstone () turbolinux com
Subject: hole in turbolinux 1.2 default xinitrc

Scott,

this appears to open up many holes on systems.  if it is needed to let
apps start up, i would recommend:

$ xhost +$HOSTNAME$DISPLAY

or in a pinch
$ xhost +localhost

or (my favorite)
not at all.

- ----
this is the default xinitrc on Turbolinux 1.2 systems.  anyone see a hole?
being that Turbolinux 1.2 is based on Red Hat 5, RH5 may have this hole
too.


Turbolinux 1.2
- --snip-- from /etc/X11/xinit/xinitrc
#START_STARTUP_APPS
xhost +
#END_STARTUP_APPS

thanks,
- -jeremy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                     Law of Software Envelopment:
``Every program attempts to expand until it can read mail.
 Those programs which cannot so expand are replaced by ones which can.''
                                 from Jamie Zawinski
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  jbrand () willy wsc edu           http://kittynet.wsc.edu/~jbrand/PGP-KEY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBNUo4HkO2qj5xP0LdAQGHlwf9GrTy04xppPzV4Ym4tPqVm4NFkYjq/yob
KDPSaYSiXDjNuFFt1iGess53+CodKTkqQEdfVFhxJpCU5maI9v40S6d6uEU19R0e
x6AKGrSYB1lQIWSXrDpgl7++KvqvvvtWKfUI4Au0bBT9lI9zujITAy/RMxZrvFpE
IhpEpj2rmf5amJ42PpcQoeqakiM25oGtTcbft6jZHWd5/5tPd3ZSeWxgKjijon0a
i56WXzo/8cSHwlJIGpe2huRb1AXTMATYzW/HKDQD7KELzHBW4gZ78T5anYnyl0z9
NDaNZNEm4pKHi3OaMK8dEqf98iX8JhKwdDZmgyzXVB0QyFglsHT7lg==
=LT7h
-----END PGP SIGNATURE-----



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault