[20195] in bugtraq

Re: Solaris Xsun buffer overflow vulnerability

daemon@ATHENA.MIT.EDU (Alan Coopersmith)
Fri Apr 13 06:11:04 2001

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID:  <20010411211847.A59105@soda.csua.berkeley.edu>
Date:         Wed, 11 Apr 2001 21:18:47 -0700
Reply-To: alanc@CSUA.Berkeley.EDU
From: Alan Coopersmith <alanc@ALUM.CALBERKELEY.ORG>
X-To:         Leif Sawyer <lsawyer@GCI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <BF9651D8732ED311A61D00105A9CA3150446D832@berkeley.gci.com>; from
              lsawyer@GCI.COM on Wed, Apr 11, 2001 at 08:47:36AM -0800

On Wed, Apr 11, 2001 at 08:47:36AM -0800, Leif Sawyer wrote:
> Don't have a Solaris 7 box to check.  Not sure why your Solaris 8 has
> a SUID Xsun install, either.

Xsun is setgid-root on Sparc, setuid-root on Intel.  (The set*id bits in
either case are only needed for people starting the server from the command
line via programs such as openwin & xinit.  If you use dtlogin or xdm to
start X, they run as root already so don't need set*id bits.)

________________________________________________________________________
Alan Coopersmith                              alanc@alum.calberkeley.org
http://soar.Berkeley.EDU/~alanc/           aka: Alan.Coopersmith@Sun.COM
  Working for, but definitely not speaking for, Sun Microsystems, Inc.
