[10065] in bugtraq
XFree86 security problem
daemon@ATHENA.MIT.EDU (Patrick J. Volkerding)
Wed Mar 31 15:31:11 1999
Date: Wed, 31 Mar 1999 11:12:52 -0600
Reply-To: "Patrick J. Volkerding" <gonzo@RRNET.COM>
From: "Patrick J. Volkerding" <gonzo@RRNET.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.04.9903291849040.961-100000@flag.lan>

On Mon, 29 Mar 1999, Domas Mituzas wrote:
> why is RedHat delaying release of this package
> as it smells like root takeover (it was too easy
> to change /etc/ and /etc/passwd permissions to
> something neat).
>
> [...]
>
> This is a cross-platform bug, as I found it in
> all OS that run XFree86 3.3.3 server. As far as
> I know it is on every Linux distribution (especially
> newest ones) and BSD's.

Before flying off the handle at Red Hat, you might consider that quite
possibly they aren't vulnerable to this problem. As far as I can tell, if
the system ships with a /tmp/.X11-unix/ directory already in place, and
none of the system scripts delete it, then there's no security problem
since nobody can put a rogue symlink at that location in /tmp.

I know Slackware Linux isn't vulnerable to this problem, and never was,
and I don't think we're the only ones to ship a Linux OS that provides a
pre-existing /tmp/.X11-unix/.
--
Patrick J. Volkerding
Slackware Linux Project
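
Added example, not part of the original message or of any distribution's scripts: a small audit of the condition described above, that /tmp/.X11-unix already exists as a real directory rather than being absent or a symlink. The function name, the root-owner expectation and the sticky-bit check are assumptions of this example; the demo runs only on constructed entries in a scratch directory.

```python
import os
import stat
import tempfile

def audit_x11_socket_dir(path="/tmp/.X11-unix", expected_uid=0):
    """Return a list of findings; an empty list means a sane pre-existing directory."""
    try:
        st = os.lstat(path)  # lstat inspects the entry itself and never follows a link
    except FileNotFoundError:
        return ["missing: any local user could create this name in /tmp first"]
    if stat.S_ISLNK(st.st_mode):
        return ["symlink: points to %r" % os.readlink(path)]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    findings = []
    # Assumption of this example: the directory should belong to root (uid 0).
    if st.st_uid != expected_uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    # Assumption: a world-writable directory must carry the sticky bit.
    if st.st_mode & stat.S_IWOTH and not st.st_mode & stat.S_ISVTX:
        findings.append("world-writable without sticky bit")
    return findings

def demo():
    """Audit constructed entries in a scratch directory (not the live /tmp)."""
    me = os.getuid()  # scratch entries are owned by whoever runs the demo
    with tempfile.TemporaryDirectory() as scratch:
        name = os.path.join(scratch, ".X11-unix")
        results = {"missing": audit_x11_socket_dir(name, me)}
        os.symlink(scratch, name)  # constructed stand-in for a rogue link
        results["symlink"] = audit_x11_socket_dir(name, me)
        os.unlink(name)
        os.mkdir(name)
        os.chmod(name, 0o1777)
        results["good"] = audit_x11_socket_dir(name, me)
        os.chmod(name, 0o777)
        results["no_sticky"] = audit_x11_socket_dir(name, me)
    return results

if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or "ok")
    print("live system:", audit_x11_socket_dir() or "ok")
```

Run early in boot, after any script that cleans /tmp, the same function shows whether the directory survived the cleanup.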