lam@pollux.usc.edu (Curtz Lam) (09/05/90)
I remember seeing articles on how to make xterm not setuid, would any kind souls please forward those articles to me? My problem is described below, any help is appreciated. I installed X11R4 library under SunOS 4.1 in a directroy other than /usr/lib. Everything seems fine except xterm cannot find the required shared libraries. I understand the problem is because xterm is setuid and ld only looks at /usr/lib for setuid programs. I guess my problem is whether there is a way to make xterm not setuid? or force ld to look in other directories? (with potential security problems). The way I am running it now is to make symbolic links in /usr/lib to point to the correct libraries, I am wondering if there is an easier way to do this. Curtz -- ------ INTERNET: lam@usc.edu BITNET: curtz@gamera UUCP: ...!uunet!usc!lam
mouse@LARRY.MCRCIM.MCGILL.EDU (09/05/90)
> I installed X11R4 library under SunOS 4.1 in a directroy other than > /usr/lib. Everything seems fine except xterm cannot find the > required shared libraries. Funny, we had no problem under 4.1. We didn't even have to run ldconfig. (Not unless "make World" did that for us and I didn't notice.) Well, in any case.... My advice would be to link the setuid/setgid programs (xterm, xload, I think there's one other) with -Bstatic, to make them independent of the dynamic libraries. You can turn off xterm's setuid bit, but then it will be unable to write entries in utmp (unless you make utmp world-writable, which opens up other security holes). der Mouse old: mcgill-vision!mouse new: mouse@larry.mcrcim.mcgill.edu
cflatter@ZIA.AOC.NRAO.EDU (Chris Flatters) (09/05/90)
> I installed X11R4 library under SunOS 4.1 in a directroy other > than /usr/lib. Everything seems fine except xterm cannot find the > required shared libraries. I understand the problem is because xterm > is setuid and ld only looks at /usr/lib for setuid programs. I guess > my problem is whether there is a way to make xterm not setuid? or > force ld to look in other directories? (with potential security > problems). The way I am running it now is to make symbolic links in > /usr/lib to point to the correct libraries, I am wondering if there is > an easier way to do this. You could also specify the directory containing the X11 libraries using the -L option to cc when you build xterm. The OS then treats this directory a "trusted" as far as xterm is concerned. Chris Flatters