On Tue, Apr 28, 1998 at 05:57:55PM +0200, A Mennucc wrote: > > Vulnerabilities exist in the terminal emulator xterm(1), and the Xaw > > library distributed in various MIT X Consortium; X Consortium, Inc.; > > and The Open Group X Project Team releases. These vulnerabilities may > > be exploited by an intruder to gain root access. > > the only solutions seems to > > chmod 0755 `which xterm`
Or to apply a patch that TOG sent to their members, but didn't think to do anything useful like include it in the alert itself. It's probably not free anyway :( Since a program as complicated as xterm is always likely to contain security problems, we probably should leave it un-suid anyway, even once we have patched it to fix the bugs mentioned. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
