[5690] in bugtraq
Re: XFree86 insecurity
daemon@ATHENA.MIT.EDU (Czako Krisztian)
Mon Nov 24 23:35:10 1997
Date: Sat, 22 Nov 1997 02:50:31 +0100
Reply-To: Czako Krisztian <slapic@FIDO.HU>
From: Czako Krisztian <slapic@FIDO.HU>
X-To: shegget <root@SHEGG.RH1.IIT.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.971121183345.723A-100000@shegg.rh1.iit.edu>
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 21 Nov 1997, shegget wrote:
> Program: XF86_*, the XFree86 servers (XF86_SVGA, XF86_VGA16, ...)
> Version: Tested on XFree86 3.3.1 (current), 3.2.9 and 3.1.2.
> Other versions as well.
> OS: All
Except Debian Linux, where the X servers aren't setuid root!
> Impact: The XFree86 servers let you specify an alternate configuration
> file and do not check whether you have rights to read it.
> Any user can read files with root permissions.
One more reason to use Debian :)
On my Debian 1.3.1 + hamm upgarde (XFree86 3.3.1):
bash-2.00$ ls -l /usr/X11R6/bin/X*
- -rwsr-xr-x 1 root root 4728 Oct 18 06:58 /usr/X11R6/bin/X
- -rwxr-xr-x 1 root root 820544 Jun 20 16:41 /usr/X11R6/bin/XF86Setup
- -rwxr-xr-x 1 root root 2313580 Jul 17 15:33 /usr/X11R6/bin/XF86_S3
- -rwxr-xr-x 1 root root 1816864 Jun 20 16:41 /usr/X11R6/bin/XF86_VGA16
bash-2.00$ cd /usr/X11R6/bin/
bash-2.00$ ./X
X: you are not authorised to run the X server
bash-2.00$ dpkg -S /usr/X11R6/bin/X
xbase: /usr/X11R6/bin/X
So I suggest using this wrapper on all systems where possible.
Another solution can be running xdm, and make xdm to start the X server.
In this case you don't need the X server to be setuid root.
Slapic
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
iQCVAgUBNHY6bD1bHc+WqbNdAQGRCgQAqFhmY0ZagWuLeOa9JbG1/CS+O00TiGBy
Y6FBAFtiR/Eem6/xA85XYgoI2b6gGlh3LyDNGmalLsk0moNI8yRfmNh6LNZAK2GB
PjbvoAg4CrQN3D3XTuEGuu7+M5D3yXaNz0ErvYDwAjBJRC45zJqWweQeKYezsaKn
9QjgCP7bw9Y=
=FDkj
-----END PGP SIGNATURE-----
