On Tue, Apr 28, 1998 at 12:45:33PM -0500, Branden Robinson wrote:

> Well, the reason xterm is setuid is because it needs
> privileged access to the utmp file. However, this is
> presently a problem under some circumstances (see bug
> #20685).

It's not the only reason: XTerm needs to be suid root to adjust the permissions on the pseudo terminal's slave device (/dev/ttyp*). Without root having xterm suid root, _any_ user on the system may send arbitrary data to xterm. This may permit reprogramming some keyboard settings.

So, plainly, xterm is a security risk with or without the suid root bit.

As a solution, we need a wrapper which does pty allocation and starts kind of "client" xterm with user privileges. (Or we need glibc-2.1 and linux 2.1 where non-privileged programs can do proper pty allocation. ;-)

tlr
-- 
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1
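
An added example, not part of the original message: a small C audit of the condition described above, reporting whether a terminal's slave device is owned by the invoking user and who else may write to it. The function names and flag values are hypothetical, and the root-owned mode 0666 device in `main` is a constructed sample.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical flag names for this example. */
enum { FOREIGN_OWNER = 1, WORLD_WRITE = 2, GROUP_WRITE = 4 };

/* Who besides `me` can write to a slave tty with this owner and mode?
 * Returns a bitmask of the flags above; 0 means only `me` can write. */
int slave_exposure(uid_t owner, mode_t mode, uid_t me)
{
    int flags = 0;
    if (owner != me)    flags |= FOREIGN_OWNER; /* never chown'ed to the user */
    if (mode & S_IWOTH) flags |= WORLD_WRITE;   /* any local user can send data */
    if (mode & S_IWGRP) flags |= GROUP_WRITE;   /* members of the tty's group can */
    return flags;
}

/* Audit the terminal behind fd. Returns -1 if fd is not a terminal. */
int audit_tty_fd(int fd)
{
    struct stat st;
    if (!isatty(fd) || fstat(fd, &st) != 0)
        return -1;
    return slave_exposure(st.st_uid, st.st_mode, getuid());
}

int main(void)
{
    /* Constructed sample: a slave left root-owned and world-writable,
     * as when the terminal emulator could not adjust it. */
    printf("constructed root:0666 slave -> flags %d\n",
           slave_exposure(0, 0666, 1000));

    int r = audit_tty_fd(STDIN_FILENO);
    if (r < 0) {
        puts("stdin is not a terminal");
        return 0;
    }
    const char *name = ttyname(STDIN_FILENO);
    int exposed = r & (FOREIGN_OWNER | WORLD_WRITE);
    printf("%s -> flags %d%s\n", name ? name : "(unknown)", r,
           exposed ? " (exposed to other users)" : "");
    return exposed ? 1 : 0;
}
```

Run it inside the terminal emulator being checked; a non-zero exit status means the slave device is not owned by you or is world-writable.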