[1842] in NetBSD-Development
Please fix old X11 security issues
daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Feb 12 23:02:05 1999
Date: Fri, 12 Feb 1999 22:46:56 -0500 (EST)
From: Sam Hartman <hartmans@MIT.EDU>
To: netbsd-dev@MIT.EDU
Cc: sipb-afsreq@MIT.EDU
So, in our set-uid audit, we found some old versions of X11 in
/afs/system/i386_nbsd1/usr/X11R6 and
/afs/sipb/system/i386_nbsd1/srvd-7.7.2/usr/X11R6. There are known
root-giving vulnerabitilites with these versions of X11.
We wish to remove set-uid bits from these binaries, or in some other
way fix them. I would like to set a deadline of next Tuesday evening
, February 16, after which sipb-afsreq should feel comfortable
dropping the set-uid bits on these files, even if nothing has been
done. The date is not important; I just want to make sure there is a
solid deadline.
Let me know if you need any help.
--Sam
