[14121] in bugtraq


Re: xterm log file vulnerability

daemon@ATHENA.MIT.EDU (Kris Kennaway)
Wed Mar 1 19:57:30 2000

Message-Id:  <Pine.BSF.4.21.0003010135420.39842-100000@hub.freebsd.org>
Date:         Wed, 1 Mar 2000 01:37:18 -0800
Reply-To: Kris Kennaway <kris@HUB.FREEBSD.ORG>
From: Kris Kennaway <kris@HUB.FREEBSD.ORG>
X-To:         Morten Welinder <terra@DIKU.DK>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200002291639.RAA02694@tyr.diku.dk>

On Tue, 29 Feb 2000, Morten Welinder wrote:

> Problem: when log files are enabled, they are created in the
> following way (checking in XFree86 3.3.6 source; matches Solaris
> binaries) and are subject to race conditions:

XFree86 3.3.6 doesn't seem to be vulnerable by default - from
xc/programs/xterm/misc.c:

#ifdef ALLOWLOGGING

/*
 * Logging is a security hole, since it allows a setuid program to write
 * arbitrary data to an arbitrary file.  So it is disabled by default.
 */

Certainly I couldn't get xterm -l -lf foo to work for me at all.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>
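
Added example (not part of the original message and not xterm's code): the source comment quoted above names the hazard as a setuid program writing to an arbitrary file. One way for such a program to open a user-named log file is to perform the open with the invoking user's effective uid, so the kernel's permission check and the open happen in a single step. The function name open_log_as_invoker is hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not xterm code): open a user-named log file from a
 * setuid program. Returns a descriptor, or -1 with errno set. */
int open_log_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    struct stat st;
    int fd, err;

    /* Take on the invoking user's identity: the kernel now applies that
     * user's permissions to every path component as part of the open,
     * so there is no earlier access() check to race against. */
    if (seteuid(getuid()) != 0)
        return -1;

    /* O_NOFOLLOW: refuse a symlink as the final component.
     * O_NONBLOCK: do not hang if the name turns out to be a FIFO. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_NONBLOCK,
              0600);
    err = errno;

    /* Regain privilege; if that fails the process state is unknown. */
    if (seteuid(saved_euid) != 0)
        abort();
    if (fd < 0) {
        errno = err;
        return -1;
    }

    /* Decide on the object actually opened, not on its name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}
```

A setgid program would switch its effective group in the same way with setegid() before the open.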
