[1287] in bugtraq
Re: safe logging xterm
daemon@ATHENA.MIT.EDU (Robert M. Haas)
Fri Mar 17 03:36:40 1995
To: Robert Banz <banz@umbc.edu>
Cc: Adam Shostack <adam@bwh.harvard.edu>, Margarita Suarez <marg@columbia.edu>,
bugtraq@fc.net, unixsys@columbia.edu
In-Reply-To: Your message of "Thu, 16 Mar 1995 17:42:07 EST."
<Pine.SGI.3.91.950316174058.16291A-100000@spork.acs.umbc.edu>
Date: Thu, 16 Mar 1995 23:13:54 -0800
From: "Robert M. Haas" <rhaas@cygnus.arc.nasa.gov>
> > Yes, it leaves setuid on a program that is way too large. Xterm tends
> > to be setuid so it can write to utmp. Thats a bad reason to make a
> > large program setuid.
> Hm. Why not make utmp group "bob" writable, and make xterm setgid "bob"?
Doesn't xterm also need to chown() some devices to the user logging in?
It seems that xterm should only need root on startup and exit, though.
If someone wrote a wrapper to take care of the stuff that xterm does on
exit, (which could be small and setuid) then xterm could just exec() that
when it exited. Of course you the wrapper would need to be reasonably
smart about not letting people remove themselves from utmp who weren't
really logging out. Maybe it could refuse to run if there were any
processes who had that tty was their controlling terminal other than
itself? Just a thought.
...Robert
