[6819] in bugtraq
Re: quickie fix to xdm port problem
daemon@ATHENA.MIT.EDU (Ian Goldberg)
Tue May 26 14:33:05 1998
Date: Fri, 22 May 1998 00:34:09 GMT
Reply-To: Ian Goldberg <iang@CS.BERKELEY.EDU>
From: Ian Goldberg <iang@CS.BERKELEY.EDU>
X-To: bugtraq@crimelab.com
To: BUGTRAQ@NETSPACE.ORG
In article <199805191416.IAA10325@cybers0d20.cg.wave.shaw.ca>,
id est <mrn@SHAW.WAVE.CA> wrote:
>When "xdm" starts up, it creates a random high-numbered port
>that is apparently vulnerable to buffer overruns. The following
>is an extremely stone-knives-and-bearskins hack to deal with
>this problem, useful for those of us who just run X on a single
>machine and don't use "chooser".
>
>Get the source for "xdm" and comment out the line
>
> chooserFd = socket (AF_INET, SOCK_STREAM, 0);
>
>in the file "socket.c". Build and install. That's it.
>
>This closes that particular hole, abeit crudely. xdm starts
>up, seems to run normally, and does not create that random high-
>numbered port.
This is _still_ there?! I sent them a patch for this like _years_ ago!
I still have their response (but I don't seem to still have the message I
sent which contains the patch):
> Subject: Re: xdm does not close chooserFd on fork
> In-Reply-To: Message from iagoldbe@calum.csclub.uwaterloo.ca of 31 Jul 95 9:41:36 EDT
> <199507311341.JAA10454@calum.csclub.uwaterloo.ca>
> X-Bugs-Incarnation: gildea@x.org
> Date: Wed, 20 Sep 1995 15:42:09 EDT
> From: X Bug Reports <bugs@x.org>
>
> Thank you for sending a bug report to xbugs@x.org. Nice analysis.
> Your report has been tagged and entered into the X bug database.
>
> xbugs@x.org
Ugh.
- Ian
