The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux-alert] Vulnerability of suid/sgid programs using libXt

Your message dated: Fri, 30 May 97 18:05:31 +0300
> Alexander O. Yuriev wrote:
> > 
> > XTERM(1) and xterm derived programs
> > 
> >      Unfortunately, you cannot remove suid bit from the xterm(1) and
> >      programs derived from it withot losing part of functionality. The
> >      advice by authors of exploits from bugtraq to squash suid bit prevents
> >      xterm(1) from changing ownerships of tty devices allowing any user on 
> a
> >      system to read information from terminal devices.
> > 
> >      This looks like a lose-lose situation unless you are willing to disabl
> e
> >      xterm(1) program completely (and leave with it being disabled ) until
> >      the fixed version becomes available. Basically, you should consider
> >      risks of someone from your system running xterm(1) and gaining root
> >      access to a system vs. not being able to run xterm(1) at all and vs.
> >      running xterm(1) as non-suid application which would allow one user to
> >      intercept keystrokes of another. It is your choice but no matter what
> >      you decide to do, think about the consequences first.
> 
> I have used another approach, which only works with xdm.
> 
> My GiveConsole script does this:
> chown $USER /dev/tty /dev/ttyp*
> chmod 600 /dev/ttyp*
> 
> TakeConsole does this:
> chown root /dev/tty /dev/ttyp*
> chmod 666 /dev/ttyp*
> 
> Xterm looks like this:
> -rwxr-sr-x   1 root     xterm      127896 Jan 20 13:13
> /usr/X11/bin/xterm
> (I have added a new group xterm)
> 
> /var/run/utmp looks like this:
> -rw-rw-r--   1 root     xterm         840 May 30 17:44 /var/run/utmp
> 
> The idea is to let users login under xdm as usual, while still logging
> all xterm sessions in utmp (that's why the setgid xterm is for).
> 
> I could skip the setgid part using a patch to xdm to log user logins
> instead (I have one available at
> http://www2.lmn.pub.ro/ftp/Linux/Patches/xdm.patch.* which does this 
> among other things).

Interesting except that I do not see how it helps in a case of someone
telnet'ing in, doing export DISPLAY=blah and running xterm? Any ideas? Oh, I
hope you do not mind that I CC'ed this message to two distribution
maintainers and Matt Bishop from UC Davis Computer Security Lab

Alex
 


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .