[3884] in bugtraq
Re: XDM bug
daemon@ATHENA.MIT.EDU (Alex Belits)
Fri Jan 3 23:18:44 1997
Date: Fri, 3 Jan 1997 18:06:40 -0800
Reply-To: Alex Belits <abelits@phobos.illtel.denver.co.us>
From: Alex Belits <abelits@phobos.illtel.denver.co.us>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.BSI.3.95.970103145311.4534A-100000@gold.interlog.com>
On Fri, 3 Jan 1997, jamie wrote:
> :On Thu, 2 Jan 1997, Angel Ortiz wrote:
> :[...]
> :> System: UNIX Ware systems with X
> :>
> :> Symptom:
> :> /usr/X/bin/xdm is setuid
> :[...]
> :> Any way, please verify xdm setuid on your systems and please let the
> :> bugtraq news group know if it exists on other systems.
>
> BSDi 2.1 is also not vulnerable. Even if it was suid, this problem can
> be (briefly) alleviated by popping it in you respectice /etc/rc.* file as
> opposed to starting it as a user.
>
And what is the reason to start xdm as user? I can understand why some
perverted minds may want setuid X server (not that I think, it's any
smart), but xdm? User will still get the login box anyway, and there won't
be a way to stop xdm unless it's remained attached to the terminal (what
is insecure)... xdm is a server, other users may depend on, and if there
is no other possible users, there won't be any need in starting xdm
manually anyway. It's the same as, say, having setuid root inetd that
won't start by the startup script and will be used by a regular users to
enable network services. Or setuid root ftpd, so users will be able to
enable FTP access... Or httpd... Or sendm... Oops, this one exists, even
though the only thing it needs to do as root is listening to his port 25
and setuid to users to write mailboxes what could be safely done by
separate small program, always running as root, but this is a separate
issue.
--
Alex
