[1257] in bugtraq


Re: safe logging xterm

daemon@ATHENA.MIT.EDU (Adam Shostack)
Tue Mar 14 18:26:15 1995

From: Adam Shostack <adam@bwh.harvard.edu>
To: marg@columbia.edu (Margarita Suarez)
Date: Tue, 14 Mar 1995 16:46:16 -0500 (EST)
Cc: bugtraq@fc.net, unixsys@columbia.edu
In-Reply-To: <CMM.0.90.4.795203758.marg@manila.cc.columbia.edu> from "Margarita Suarez" at Mar 14, 95 12:55:58 pm

Margarita Suarez wrote:

| we have modified xterm to make use of the POSIX saved id where possible;
| otherwise, it uses setreuid() to switch back and forth between user and
| superuser.  we provide enable() and disable() functions which swap the
| euid and ruid so that the running xterm can give up root and take it
| back.

| can anyone see a problem with this fix?

Yes, it leaves setuid on a program that is way too large.  Xterm tends
to be setuid so it can write to utmp.  That's a bad reason to make a
large program setuid.

Adam
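
The enable()/disable() bracket described in the quoted message, written out as an added example in C (this is illustrative code, not the Columbia xterm modification). It assumes the POSIX saved set-user-ID is available (no setreuid() fallback is shown), and adds a permanent drop, with a verification step, for use once the one privileged operation such as the utmp write is done, so the rest of the large program no longer holds root.

```c
/* Privilege bracketing for a setuid-root program (e.g. xterm writing utmp).
 * Assumes POSIX saved set-user-ID semantics. Illustrative code only. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t real_uid;   /* the invoking user */
static uid_t priv_uid;   /* effective uid at startup (0 when setuid root) */

/* disable(): run as the real user; root is parked in the saved set-user-ID. */
int priv_disable(void) {
    if (seteuid(real_uid) == -1) return -1;
    return geteuid() == real_uid ? 0 : -1;   /* verify, never assume */
}

/* enable(): take root back from the saved set-user-ID for one operation. */
int priv_enable(void) {
    if (seteuid(priv_uid) == -1) return -1;
    return geteuid() == priv_uid ? 0 : -1;
}

/* Record both ids at startup and immediately give up root for ordinary work. */
int priv_init(void) {
    real_uid = getuid();
    priv_uid = geteuid();
    return priv_disable();
}

/* Permanent drop: once the privileged work is done, set real, effective and
 * saved ids to the real user so root can no longer be regained at all. */
int priv_drop(void) {
    if (priv_enable() == -1) return -1;     /* setuid() sets all three only as root */
    if (setuid(real_uid) == -1) return -1;
    if (geteuid() != real_uid) return -1;
    /* If the saved id still held root, this seteuid() would succeed: a failure
     * here is the desired outcome. Only meaningful when actually setuid. */
    if (real_uid != priv_uid && seteuid(priv_uid) == 0) return -1;
    return 0;
}

int main(void) {
    if (priv_init() == -1) { perror("priv_init"); return 1; }
    if (priv_enable() == -1) { perror("priv_enable"); return 1; }
    /* ... the one privileged operation (utmp write) would go here ... */
    if (priv_disable() == -1) { perror("priv_disable"); return 1; }
    if (priv_drop() == -1) { fprintf(stderr, "root not fully dropped\n"); return 1; }
    printf("running as uid %u, root dropped\n", (unsigned)geteuid());
    return 0;
}
```

Run as a plain user the bracket is a no-op and every call succeeds; installed setuid root, the final priv_drop() is the step that turns the rest of the program back into an ordinary process.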
