mailing list archives
Re: xterm log file vulnerability
From: kris () HUB FREEBSD ORG (Kris Kennaway)
Date: Wed, 1 Mar 2000 01:37:18 -0800
On Tue, 29 Feb 2000, Morten Welinder wrote:
Problem: when log files are enabled, they are created in the
following way (checking in XFree86 3.3.6 source; matches Solaris
binaries) and are subject to race conditions:
XFree86 3.3.6 doesn't seem to be vulnerable by default - from
* Logging is a security hole, since it allows a setuid program to write
* arbitrary data to an arbitrary file. So it is disabled by default.
Certainly I couldn't get xterm -l -lf foo to work for me at all.
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe () alum mit edu>
- Re: xterm log file vulnerability Kris Kennaway (Mar 01)