[3201] in bugtraq
Re: Possible bufferoverflow condition in lpr, xterm and xload
daemon@ATHENA.MIT.EDU (Evil Pete)
Sun Aug 18 18:47:14 1996
Date: Sun, 18 Aug 1996 13:28:22 -0700
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Evil Pete <shipley@dis.org>
X-To: Igor Chudov <ichudov@algebra.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: Your message of Sun, 18 Aug 1996 09:34:47 -0500.
<199608181434.JAA08548@manifold.algebra.com>
>
>How about the real solution to the xterm woes:
>
>1. Make utmp and wtmp owned by user root, group (say) acctg, and mode 664=
.
>2. instead of setuiding xterm as root, make it setgid acctg.
>
>This way the worst consequence of hacking xterm would be compromise of
>accounting files, but not the root user.
>
>Is there anything else that xterm needs to do as root besides updating
>{w|u}tmp? I don't think so, I made a copy in mode 755=A0and it worked
>fine with -ut option.
>
chown your tty
