Received: by minnie.vk1xwt.ampr.org with NNTP id AA6996 ; Fri, 15 Jan 93 16:08:03 EST
Xref: sserve comp.unix.bsd:10072 comp.windows.x.i386unix:306
Newsgroups: comp.unix.bsd,comp.windows.x.i386unix
Path: sserve!manuel.anu.edu.au!munnari.oz.au!uunet!zaphod.mps.ohio-state.edu!rpi!jfritz
From: jochen fritz <jfritz@rdrc.rpi.edu>
Subject: Re: xfree86 only works for root?
Message-ID: <h!f32hq@rpi.edu>
Sender: jfritz@ptolemy0.rdrc.rpi.edu
Nntp-Posting-Host: ptolemy0.rdrc.rpi.edu
Organization: Rensselaer Polytechnic Institute, Troy, NY
References: <MfIsYa600WBMM8XVtb@andrew.cmu.edu> <1j0q48INNmq1@matt.ksu.ksu.edu> <1993Jan17.143000.28887@cbnewsh.cb.att.com>
Date: Sun, 17 Jan 1993 22:25:32 GMT
Lines: 33

In article <1993Jan17.143000.28887@cbnewsh.cb.att.com> billc@pegasus.ATT.COM (Bill Carpenter) writes:
> . . . .
>However, there are a couple of other options which may come in handy
>for those in places where it's less convenient to have yet another
>setUid program.
>
>[1] On Suns and many other places, /etc/utmp is 0666 perms, so anyone
>can write into it. I don't know what the security implications are,
>but it cures this xterm problem.
>
>[2] There is an option for xterm to tell it to not bother trying to
>write in /etc/utmp. I think it's "-ut", but I don't have the man page
>handy. (On the other hand, my xterm can't write into /etc/utmp
>and I don't use that option. Yet, my xterms run without complaining,
>so there may be something to that PTY stuff on your system after all.)
>

There is a third, and IMHO far more important reason: xterm will chown
the slave end of the pty (/dev/ttyp*). This allows it to then chmod the
pty to rw--w--w-, so that only the user of the xterm can read from it or
send commands to the user's shell to be executed by him. This also
prevents putting a trojan on the pty to snoop the user's commands, and
allows the user to chmod the terminal 700 if others are causing problems.

-joe (jfritz@rdrc.rpi.edu)
--
-joe (jfritz@rdrc.rpi.edu)
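The ownership and mode of a terminal device discussed in the post above can be checked directly. The following is an added example, not part of the original post: it stats the terminal a process is attached to and reports whether it is owned by the session user and which access group and other have. The function names and `TTY_*` flag names are hypothetical.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Findings, OR-ed together; 0 means the terminal is private to `user`.
 * These flag names are made up for this example. */
#define TTY_WRONG_OWNER  0x1  /* device is not owned by the session user */
#define TTY_OTHERS_READ  0x2  /* group or other can read the terminal    */
#define TTY_OTHERS_WRITE 0x4  /* group or other can write to it          */

/* Pure check on the owner and permission bits of a terminal device. */
int tty_findings(uid_t owner, mode_t mode, uid_t user)
{
    int f = 0;
    if (owner != user)              f |= TTY_WRONG_OWNER;
    if (mode & (S_IRGRP | S_IROTH)) f |= TTY_OTHERS_READ;
    if (mode & (S_IWGRP | S_IWOTH)) f |= TTY_OTHERS_WRITE;
    return f;
}

/* stat() a device path and apply the check; returns -1 if stat() fails. */
int audit_tty(const char *path, uid_t user)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return tty_findings(st.st_uid, st.st_mode, user);
}

int main(void)
{
    /* Audit the terminal this process is attached to, if there is one. */
    const char *path = ttyname(STDIN_FILENO);
    if (path == NULL) {
        fprintf(stderr, "stdin is not a terminal\n");
        return 2;
    }
    int f = audit_tty(path, getuid());
    if (f < 0) {
        perror(path);
        return 2;
    }
    printf("%s:%s%s%s%s\n", path,
           f == 0 ? " private to this user" : "",
           (f & TTY_WRONG_OWNER)  ? " [not owned by user]" : "",
           (f & TTY_OTHERS_READ)  ? " [readable by group/other]" : "",
           (f & TTY_OTHERS_WRITE) ? " [writable by group/other]" : "");
    return f ? 1 : 0;
}
```

Run it from inside an xterm and again from a terminal started by a non-setuid emulator to compare the owner and mode each one leaves on the pty.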