[20199] in bugtraq
Re: Solaris Xsun buffer overflow vulnerability
daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Apr 13 07:12:30 2001
Message-ID: <200104120719.JAA00989@romulus.Holland.Sun.COM>
Date: Thu, 12 Apr 2001 09:19:32 +0200
Reply-To: Casper Dik <Casper.Dik@SUN.COM>
From: Casper Dik <Casper.Dik@SUN.COM>
X-To: Leif Sawyer <lsawyer@GCI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Wed, 11 Apr 2001 08:47:36 -0800."
<BF9651D8732ED311A61D00105A9CA3150446D832@berkeley.gci.com>

Xsun is set-uid root on Solaris/Intel where it
needs it for certain device drivers.

Xsun is set-gid sys on Solaris/SPARC.

If you run Xsun through dtlogin, you can safely strip
the set-uid bits.

Casper