Re: Xterm security hole

Scott Chasin (no email)
Wed, 17 Nov 1993 14:27:36 -0600

Dave = Dave Hayes <dave@elxr.Jpl.Nasa.Gov>

Dave> Does anyone have enough details on this hole to determine if the
Dave> entire logging mechanism *needs* to be disabled? Some of us use
Dave> Xterm logging here and I don't understand exactly what the problem is.

The original xterm code used an if-else ladder with access to determine if
the user has permission to write to the log file. This is an inherent race
condition, since access tells you what is true for that *one* moment in
time.

If, after access runs and before it gets to open, you can replace the file
with something else (say, a hard link to the password file), it will
then chown the file.

Very bad.

--S
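
The access-then-open race described above, next to one way to close it. This is an added example, not part of the original post and not xterm's code: the function names are hypothetical, and the hardening shown (dropping to the real uid around open, then validating the descriptor with fstat) is a common approach assumed here, not the fix xterm shipped.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Racy pattern from the post: the answer from access() can be stale by
 * the time open() resolves the same path a second time. */
int open_log_racy(const char *path)
{
    if (access(path, W_OK) != 0)
        return -1;
    /* window: the path may now name a different file */
    return open(path, O_WRONLY | O_APPEND);
}

/* Hardened form (hypothetical helper): let the kernel do the permission
 * check as the real user, then inspect the object actually opened. */
int open_log_checked(const char *path)
{
    uid_t ruid = getuid(), euid = geteuid();
    struct stat st;
    int fd, saved;

    if (seteuid(ruid) != 0)          /* open() is checked as the real user */
        return -1;
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC,
              0600);
    saved = errno;
    if (seteuid(euid) != 0) {        /* could not restore privilege: give up */
        if (fd >= 0) close(fd);
        return -1;
    }
    if (fd < 0) { errno = saved; return -1; }

    /* fstat() describes the descriptor, so a later rename cannot change it */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != ruid || st.st_nlink != 1) {
        close(fd);                   /* wrong type, wrong owner, or extra link */
        errno = EPERM;
        return -1;
    }
    return fd;  /* any ownership change must use fchown(fd, ...), not chown(path) */
}
```

If the log file's ownership has to be adjusted afterwards, doing it on the descriptor rather than on the path keeps the check and the action tied to the same file.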