[10019] in bugtraq
not only NetBSD [was Re: X11R6 NetBSD Security Problem]
daemon@ATHENA.MIT.EDU (Pavel Machek)
Sun Mar 28 23:41:21 1999
Date: Fri, 26 Mar 1999 13:55:13 +0100
Reply-To: Pavel Machek <pavel@BUG.UCW.CZ>
From: Pavel Machek <pavel@BUG.UCW.CZ>
X-To: "in.telnetd" <telnetd@DOEMILL.SHOCKING.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.NEB.4.02.9903212108120.5403-100000@stinky>; from in.telnetd
on Sun, Mar 21, 1999 at 09:34:48PM -0800
Hi!
> If this has already been brought up, you have the right to stone me to
> death, but I haven't seen it and I've searched, so here it is:
>
> I was fooling around today, and decided to rm /tmp/.X11-unix and then make
> a symbolic link from a file to /tmp/.X11-unix and then startx. So I backed
> up /etc/passwd and
> ln -s /etc/passwd /tmp/.X11-unix
> and then startx'd as normal user account, but X wouldn't start, it
> complained and said "is not a directory". So, I made a symbolic link from
> /root to /tmp/.X11-unix, and startx'd as a normal user, and was surprised
> to have write access to /root.
I tried to reproduce on 2.2.4 linux using

    XFree86 Version 3.3.2 / X Window System
    (protocol Version 11, revision 0, vendor release 6300)
    Release Date: March 2 1998
            If the server is older than 6-12 months, or if your card is newer
            than the above date, look for a newer version before reporting
            problems. (see http://www.XFree86.Org/FAQ)

I'm not able to get write access to /etc, still I'm able to create
the file

    srwxrwxrwx 1 root root 0 Mar 26 13:48 X0=

in a previously unwritable directory. Bug, it seems. [There was some
talk about /tmp/.X11-unix directories, and I think that this problem
might very well get _worse_ with the new 3.3.3 release. Please check.]
Pavel
--
I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel
Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).
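
Added example, not part of the original message and not XFree86 code: both reports in this thread come down to a privileged X server creating its socket under whatever /tmp/.X11-unix resolves to, so the C code below shows a check a server can make before creating the socket. `socket_dir_is_safe` and `demo` are hypothetical names, and `demo` works in a constructed scratch directory rather than on /tmp/.X11-unix itself.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* lstat, symlink, mkdtemp, S_ISVTX */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 0 if `path` may hold the server socket, else -1. */
int socket_dir_is_safe(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0)      /* lstat: inspect the link, not its target */
        return -1;
    if (!S_ISDIR(st.st_mode))       /* rejects symlinks and plain files */
        return -1;
    if (st.st_uid != owner)         /* directory planted by another user */
        return -1;
    /* World-writable without the sticky bit: anyone may replace entries. */
    if ((st.st_mode & S_IWOTH) && !(st.st_mode & S_ISVTX))
        return -1;
    return 0;
}

/* Constructed scenario. kind 0: real directory, mode 1777;
 * kind 1: ".X11-unix" is a symlink to a directory; kind 2: mode 0777. */
int demo(int kind)
{
    char base[] = "/tmp/x11chk.XXXXXX", dir[64], lnk[64];
    int rc;
    if (mkdtemp(base) == NULL)
        return -2;
    snprintf(dir, sizeof dir, "%s/target", base);
    snprintf(lnk, sizeof lnk, "%s/.X11-unix", base);
    if (mkdir(dir, 0700) != 0 || chmod(dir, kind == 2 ? 0777 : 01777) != 0)
        return -2;
    if (kind == 1 && symlink(dir, lnk) != 0)
        return -2;
    rc = socket_dir_is_safe(kind == 1 ? lnk : dir, geteuid());
    unlink(lnk); rmdir(dir); rmdir(base);   /* remove the scratch files */
    return rc;
}

int main(void)
{
    printf("dir=%d symlink=%d nosticky=%d\n", demo(0), demo(1), demo(2));
    return 0;
}
```

A server running as root would pass 0 as `owner`; because /tmp is normally sticky, a root-owned real directory that passes this check cannot afterwards be renamed or removed by an unprivileged user.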