[2817] in testers
Re: sun4 [8.0A]: xterm
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed May 15 16:50:16 1996
To: Jonathon Weiss <jweiss@MIT.EDU>
Cc: testers@MIT.EDU
In-Reply-To: Your message of "Wed, 15 May 1996 14:22:26 EDT."
<199605151822.OAA00718@the-other-woman.MIT.EDU>
Date: Wed, 15 May 1996 16:49:47 EDT
From: Greg Hudson <ghudson@MIT.EDU>
> However, before we just go and give this xterm a setuid bit, I seem
> to recall a bug that prevented xterm logging in AFS, and was strongly
> related to a security hole in xterm logging. Have these bugs been
> fixed in the openwin xterm?

small-gods% truss xterm -l -lf /etc/vold.conf | & grep vold
access("/etc/vold.conf", 0) = 0
access("/etc/vold.conf", 2) Err#13 EACCES

It appears that xterm is using access() to determine if the real uid
can write to the log file. This is a security hole (there's a race
where you move a symlink to point to a different file in between the
access() and open() calls).

On a separate note, /bin/w and /usr/athena/bin/finger give entries for
all my xterms (despite xterm not being setuid), but /bin/finger does
not. I don't know why yet.
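
Added example (not part of the original message and not xterm's code): the access()-then-open() pattern described above beside a race-free alternative for a setuid program. The function names open_log_racy and open_log_as_real_user are hypothetical; the code assumes a POSIX system that provides seteuid() and O_NOFOLLOW.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: access() checks the name against the real uid, then open()
 * looks the name up again with the effective uid. The two lookups can
 * resolve to different files if the path changes in between. */
int open_log_racy(const char *path)
{
    if (access(path, W_OK) != 0)
        return -1;
    return open(path, O_WRONLY | O_APPEND);
}

/* Hardened form (hypothetical helper): no separate check. The open() itself
 * runs as the real uid, so the kernel enforces the invoking user's
 * permissions on whatever the path names at that instant. O_NOFOLLOW
 * additionally refuses a symlink as the final path component. */
int open_log_as_real_user(const char *path)
{
    uid_t saved = geteuid();
    struct stat st;
    int fd, err;

    if (seteuid(getuid()) != 0)          /* act as the invoking user */
        return -1;
    fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    err = errno;
    if (seteuid(saved) != 0) {           /* cannot restore: fail closed */
        if (fd >= 0)
            close(fd);
        return -1;
    }
    if (fd < 0) {
        errno = err;
        return -1;
    }
    /* Validate the object actually held, never the name again. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    return open_log_as_real_user(argc > 1 ? argv[1] : "xterm.log") < 0;
}
```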