[6679] in bugtraq
Re: hole in turbolinux 1.2 default xinitrc
daemon@ATHENA.MIT.EDU (Scott Stone)
Tue May 5 21:51:00 1998
Date: Wed, 6 May 1998 09:46:48 +0900
Reply-To: Scott Stone <sstone@UME.PHT.CO.JP>
From: Scott Stone <sstone@UME.PHT.CO.JP>
X-To: Jeremy Brand <jbrand@WILLY.WSC.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.95.980501155756.17160A-100000@willy.wsc.edu>
On Fri, 1 May 1998, Jeremy Brand wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> Anyone running X11 on a turbo linux 1.2 system (who has not modified
> anything) is most likely affected.
>
> I attempted to notify the author here first, but it bounced... so here you
> go.
>
> - -jeremy brand
Hm, well, I'm the TurboLinux guy.. I think the bug is specific to TL, it
probably doesn't affect RH (btw, TL 1.2 is NOT based on redhat 5... 1.0 is
sort of based on RH4.2, but 1.2 isn't really RH5 based...)
Anyway, just comment out the line to fix it. I'll try to put an
updated xinitrc package soon to make a more 'permanent' fix. Of course,
2.0 will have it fixed as well.
I'll check and see why 'sstone@turbolinux.com' is bouncing, too.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Prediction is very difficult, especially of the future.
> -- Niels Bohr
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> jbrand@willy.wsc.edu http://kittynet.wsc.edu/~jbrand/PGP-KEY
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> - ---------- Forwarded message ----------
> Date: Fri, 1 May 1998 11:21:55 -0500 (CDT)
> From: Jeremy Brand <jbrand@willy.wsc.edu>
> To: sstone@turbolinux.com
> Subject: hole in turbolinux 1.2 default xinitrc
>
> Scott,
>
> this appears to open up many holes on systems. if it is needed to let
> apps start up, i would recommend:
>
> $ xhost +$HOSTNAME$DISPLAY
>
> or in a pinch
> $ xhost +localhost
>
> or (my favorite)
> not at all.
>
> - ----
> this is the default xinitrc on Turbolinux 1.2 systems. anyone see a hole?
> being that Turbolinux 1.2 is based on Red Hat 5, RH5 may have this hole
> too.
>
>
> Turbolinux 1.2
> - --snip-- from /etc/X11/xinit/xinitrc
> #START_STARTUP_APPS
> xhost +
> #END_STARTUP_APPS
>
> thanks,
> - -jeremy
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Law of Software Envelopment:
> ``Every program attempts to expand until it can read mail.
> Those programs which cannot so expand are replaced by ones which can.''
> from Jamie Zawinski
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> jbrand@willy.wsc.edu http://kittynet.wsc.edu/~jbrand/PGP-KEY
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQEVAwUBNUo4HkO2qj5xP0LdAQGHlwf9GrTy04xppPzV4Ym4tPqVm4NFkYjq/yob
> KDPSaYSiXDjNuFFt1iGess53+CodKTkqQEdfVFhxJpCU5maI9v40S6d6uEU19R0e
> x6AKGrSYB1lQIWSXrDpgl7++KvqvvvtWKfUI4Au0bBT9lI9zujITAy/RMxZrvFpE
> IhpEpj2rmf5amJ42PpcQoeqakiM25oGtTcbft6jZHWd5/5tPd3ZSeWxgKjijon0a
> i56WXzo/8cSHwlJIGpe2huRb1AXTMATYzW/HKDQD7KELzHBW4gZ78T5anYnyl0z9
> NDaNZNEm4pKHi3OaMK8dEqf98iX8JhKwdDZmgyzXVB0QyFglsHT7lg==
> =LT7h
> -----END PGP SIGNATURE-----
>
--------------------------------------------------
Scott M. Stone <sstone@pht.com, sstone@turbolinux.com>
<sstone@pht.co.jp>
Linux Developer/Systems Administrator for Pacific HiTech, Inc.
http://www.pht.com http://armadillo.pht.co.jp
http://www.pht.co.jp http://www.turbolinux.com
