*BSD News Article 78769


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.mira.net.au!news.vbc.net!garlic.com!news.scruz.net!usenet
From: tom@oliverdesign.com (Thomas B. Fox)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: X security hole- how to fix?
Date: Fri, 20 Sep 1996 15:03:41 GMT
Organization: Oliver Design, Inc.
Lines: 17
Message-ID: <3242b169.50203808@news.scruz.net>
NNTP-Posting-Host: 205.179.167.58
X-Newsreader: Forte Agent .99e/32.227


Hello all.


I recently setup a FreeBSD 2.1.5R machine that serves up www, ftp,
dns, and popmail. I have been tinkering with eXodus on my win95
machine to run xclients from the bsd machine.  I noticed that no
matter who I login as on the bsd machine when I start an xterm to
another machine (such as my 95 machine) that xterm has root 
access. Obviously this is a BIG problem, how can I fix it? No one
besides myself and our other MIS guy will have access to shell
anyways, but I'd still like to plug the hole before it starts leaking.


Thanks in advance!

Tom