hello!

> Using Sun's Openwin under SunOS4.1.3, I noticed that the
> /usr/openwin/bin/xterm wasn't setuid ROOT. It seems to be a
> good thing (remember the "xterm -lf" + file link bug ?).

heh... Sun closed the xterm hole with minimal cost ?! ;)

> When you launch an xterm, the system attaches a device to the
> xterm's shell. You can see this device by typing 'tty' in the xterm's
> window.

OK.

> The problem is: under SunOS, the terminal devices (/dev/ttyp?) are
> owned by root, with rights rw-rw-rw-. When you log on the machine,
> the login process changes the owner of the terminal, so the tty
> belongs to you, with minimum access rights. BUT when using an xterm,
> you don't have the permissions to change the owner and access rights
> of the newly allocated tty. So the device stays owned by root,
> WORLD READABLE and WORLD WRITEABLE !!!

I think you may try to fix that bug by compiling xterm without the -lf
option and installing it suid. I found this bug (?) a few months ago, but
only now found time to fix it; we're testing this now, and can send you
the results and src code of the modified xterm after testing, in a few
days.. :-)

> I think this introduces a major security hole...

yes, 666 is not the best mode for a tty.. :)

--alex.

Alexander L. Haiut
Dept. of Computer Science
Ben-Gurion University, Israel
_________________________________
e-mail : alx@cs.bgu.ac.il
voice  : +972-7-461658
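Added example, not part of the mail above: a small POSIX sh audit for the condition the thread describes, a pty that is still root-owned and world-writable after an xterm session has taken it. It assumes the BSD-style /dev/ttyp* device names used on SunOS 4 and the usual `ls -l` field layout; the sample `ls -l` line is constructed.

```shell
#!/bin/sh
# Audit terminal devices for the xterm pty problem described above:
# a tty left owned by root with mode rw-rw-rw- because the non-setuid
# xterm could not chown/chmod it for the session's user.

# Return 0 when a symbolic permission string such as "crw-rw-rw-"
# grants write access to "other" (the 9th character).
is_world_writable() {
    case "$1" in
        ??????????) ;;           # exactly 10 characters expected
        *) return 2 ;;
    esac
    [ "$(printf '%s' "$1" | cut -c9)" = "w" ]
}

# Classify one `ls -l` line for a terminal device.
# Prints "EXPOSED <dev>" when the device is root-owned and world-writable
# (the unsafe state), "OK <dev>" otherwise.
# Constructed sample input:
#   "crw-rw-rw-  1 root  wheel  20, 0 Jan  1 12:00 /dev/ttyp0"
classify_tty_line() {
    set -- $1                    # split fields: mode, links, owner, ...
    mode=$1
    owner=$3
    for dev in "$@"; do :; done  # last field is the device path
    if [ "$owner" = root ] && is_world_writable "$mode"; then
        echo "EXPOSED $dev"
    else
        echo "OK $dev"
    fi
}

# Check the tty of the current session (what `tty` prints inside an
# xterm) and every pty in the /dev/ttyp* range (assumed naming).
audit_ttys() {
    cur=$(tty 2>/dev/null)
    for d in $cur /dev/ttyp*; do
        [ -c "$d" ] || continue
        classify_tty_line "$(ls -l "$d")"
    done
}
```

Run `audit_ttys` from inside an xterm; any EXPOSED line is a pty that other local users can read from and write to.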