[3678] in bugtraq
cvs commit: ports/x11/XFree86 Makefile (fwd)
daemon@ATHENA.MIT.EDU (Marc Slemko)
Mon Nov 25 02:36:50 1996
Date: Mon, 25 Nov 1996 00:03:53 -0600
Reply-To: Marc Slemko <marcs@alive.ampr.ab.ca>
From: Marc Slemko <marcs@alive.ampr.ab.ca>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
As per the below commit, SuperProbe is no longer setuid root on FreeBSD.
I would highly recommend that you remove the setuid bit if it is installed
on your system; it is normally in /usr/X11R6/bin/SuperProbe if you have X
installed. 'chmod u-s /usr/X11R6/bin/SuperProbe' will do the trick.

There are at least two possible buffer overflows which are trivial to find
by looking through the source. I have not investigated them fully to
determine if they are exploitable; they are not exploitable using the more
common methods, but they could still be exploitable.

By removing the setuid bit, the net result is that non-root users can't
probe your video chip. Funny, but to me that is a good thing not a bad
thing.

---------- Forwarded message ----------
Date: Sun, 24 Nov 1996 18:29:27 -0800 (PST)
From: Jean-Marc Zucconi <jmz@freefall.freebsd.org>
To: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org,
cvs-ports@freefall.freebsd.org
Subject: cvs commit: ports/x11/XFree86 Makefile

jmz         96/11/24 18:29:27

  Modified:    x11/XFree86 Makefile
  Log:
  Remove the suid bit of SuperProbe.
  According to Marc Slemko (marcs@alive.ampr.ab.ca) there are potential
  security holes in SuperProbe and it is not going to be setuid in the
  next release.

  Revision  Changes    Path
  1.23      +2 -1      ports/x11/XFree86/Makefile
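
Added example, not part of the original message or the FreeBSD commit: a small shell helper that performs the 'chmod u-s' step recommended above and verifies the result. The function name strip_setuid and its return codes are assumptions made for this illustration; the default path is the one named in the message.

```shell
#!/bin/sh
# Added example: check a binary for the setuid bit and clear it, as the
# advisory recommends for SuperProbe. strip_setuid is a hypothetical helper.
#
# Return codes (chosen for this example):
#   0  setuid bit was set and has been cleared
#   1  setuid bit was not set, nothing changed
#   2  path is missing, a symlink, or not a regular file
#   3  chmod failed or the bit is still set afterwards
strip_setuid() {
    target=$1

    # Refuse symlinks: chmod follows them and would change the link target,
    # which may not be the file the administrator meant to touch.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "skip: $target is missing, a symlink, or not a regular file" >&2
        return 2
    fi

    # [ -u FILE ] is the POSIX test for the set-user-ID bit.
    if [ ! -u "$target" ]; then
        echo "ok: $target is not setuid"
        return 1
    fi

    # Record owner and mode before the change for the admin's log.
    ls -l "$target"

    # Clear the bit, then re-test instead of trusting chmod's exit status.
    if ! chmod u-s "$target" || [ -u "$target" ]; then
        echo "error: could not clear setuid bit on $target" >&2
        return 3
    fi

    echo "fixed: cleared setuid bit on $target"
    return 0
}

# When run as a script with a path argument, act on that path, e.g.
#   sh strip_setuid.sh /usr/X11R6/bin/SuperProbe
if [ "$#" -gt 0 ]; then
    strip_setuid "$1"
fi
```

A package reinstall or upgrade can restore the original mode, so the check is worth re-running after updating X.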