[3882] in bugtraq
Re: XDM bug
daemon@ATHENA.MIT.EDU (jamie)
Fri Jan 3 16:28:43 1997
Date: Fri, 3 Jan 1997 14:55:21 -0500
Reply-To: jamie <batsy@interlog.com>
From: jamie <batsy@interlog.com>
X-To: "Steve \"Stevers!\" Coile" <scoile@patriot.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.LNX.3.91.970103113033.26298B-100000@adams.patriot.net>
:On Thu, 2 Jan 1997, Angel Ortiz wrote:
:[...]
:> System: UNIX Ware systems with X
:>
:> Symptom:
:> /usr/X/bin/xdm is setuid
:[...]
:> Any way, please verify xdm setuid on your systems and please let the
:> bugtraq news group know if it exists on other systems.
BSDi 2.1 is also not vulnerable. Even if it was suid, this problem can
be (briefly) alleviated by popping it in you respectice /etc/rc.* file as
opposed to starting it as a user.
-j
"The beatings will continue until morale improves."
Jamie Reid, Jr Sys-admin, batsy@interlog.com x232
