[1289] in bugtraq
Re: safe logging xterm
daemon@ATHENA.MIT.EDU (Bogdan Pelc)
Fri Mar 17 06:24:57 1995
Date: Fri, 17 Mar 1995 10:13:58 +0100
From: Bogdan Pelc <pelc@fb3-s7.math.tu-berlin.de>
To: banz@umbc.edu
Cc: adam@bwh.harvard.edu, marg@columbia.edu, bugtraq@fc.net,
unixsys@columbia.edu
In-Reply-To: <Pine.SGI.3.91.950316174058.16291A-100000@spork.acs.umbc.edu> (message from Robert Banz on Thu, 16 Mar 1995 17:42:07 -0500 (EST))
>>>>> "RB" == Robert Banz <banz@umbc.edu> writes:
RB> On Tue, 14 Mar 1995, Adam Shostack wrote:
>> Margarita Suarez wrote:
>>
>> | we have modified xterm to make use of the POSIX saved id where
>> possible; | otherwise, it uses setreuid() to switch back and forth
>> between user and | superuser. we provide enable() and disable()
>> functions which swap the | euid and ruid so that the running xterm can
>> give up root and take it | back.
>>
>> | can anyone see a problem with this fix?
>>
>> Yes, it leaves setuid on a program that is way too large. Xterm tends
>> to be setuid so it can write to utmp. Thats a bad reason to make a
>> large program setuid.
RB> Hm. Why not make utmp group "bob" writable, and make xterm setgid
RB> "bob"?
[... TEXT DELETED ...]
I've done it (and made
chown root.utmp /dev/tty{p,q,r,s}
chmod 662 /dev/tty{p,q,r,s}
(but I called this empty group utmp, not bob ;-))).
You get problems, because:
1) xterm wants to call chown, but it is not possible unless it is SUID-root
2) xterm does not make chmod, if chown failed.
so the pseudo terminal (ttyp) has the following access rights:
root system 666 /dev/ttyp?
should be :
user system 622 /dev/ttyp (only write access for group and world).
3) until "mesg -n" is not SUID-root, it can not change the rights of ttyp
so everybody can read from you tty :-((
Under AIX 3.2.{4,5} there is a solution. You have to make
chown root.utmp /dev/pts (the slave of tty)
And everything works fine.
I've tried several ways to get around this problem on other UNIX-types
(BSD for example), but it did not work.
My idea was to make also USER named utmpusr und to make xterm SUID-utmpusr
und chown utmpusr /dev/tty{p,q,r,s}*, but it didn't work also :-((
In this case kernel was not able to free the ttyps after they were no more
in use.
____________________________________________________________________________
Bogdan Pelc; Sekr. 6-3, Ma666; Tel: 030-31425746, 030-31422491
pelc@math.tu-berlin.de
Do You realize , that this world is totally FUGAZI, where are the poets,
where are the visionaries ... (FISH)
