richb@sunchat.UUCP (Rich Burridge) (02/20/89)
Please reply directly to Ian Dall at the address below, or to the comp.windows.x / xpert mailing list.

--- Forwarded mail from idall@augean.OZ (Ian Dall)

From: idall@augean.OZ (Ian Dall)
Subject: Why is xterm suid root.
Message-Id: <453@augean.OZ>
Date: 16 Feb 89 03:04:16 GMT
Reply-To: idall@augean.OZ (Ian Dall)
Organization: Engineering Faculty, University of Adelaide, Australia

When X is installed, xterm gets its suid bit set by default. Also the release notes advise you to check the suid bits on xterm. When xterm has its suid bit set and I type xinit as root it works fine, but if I type xinit as Joe_User the stipple pattern comes up, but no X cursor or xterm window. If I turn OFF the xterm suid bit Joe_User can xinit just fine and as far as I can tell everything works properly. Curiously, there is no problem if xterm is started from a .xinitrc file instead of just using the default.

Why is xterm suid? As far as I can tell nothing breaks if it is NOT suid and if it IS suid it sometimes doesn't work if the effective uid is not equal to the real uid.

This is XV11R3 on a Sun 3/60 running Sun Os 3.5. /usr/bin/X11 points to a NFS mounted partition which is mounted with suid as a file system mount parameter. Turning the suid mount parameter off has exactly the same effect as turning off the suid bit on the xterm file itself.

--
Ian Dall
life (n). A sexually transmitted disease which afflicts some people more severely than others.
idall@augean.oz

--- End of forwarded message from idall@augean.OZ (Ian Dall)
bob@tinman.cis.ohio-state.edu (Bob Sutterfield) (02/21/89)
In article <8902191022.AA28931@sunchat.sun.oz> idall@augean.OZ (Ian Dall) writes:
> Why is xterm suid?
It needs to be able to update /etc/utmp for who(1), w(1), and
finger(1) to see that you exist.
jim@EXPO.LCS.MIT.EDU (Jim Fulton) (02/21/89)
It wants to chown and chmod the pseudo-terminal.
brsmith@umn-cs.CS.UMN.EDU (Brian R. Smith) (02/21/89)
In article <BOB.89Feb20111940@tinman.cis.ohio-state.edu> bob@tinman.cis.ohio-state.edu (Bob Sutterfield) writes:
> Why is xterm suid root?
>
>It needs to be able to update /etc/utmp for who(1), w(1), and
>finger(1) to see that you exist.

Which is a VERY bad thing on a Sequent - if init or the kernel discovers that the number of entries in /etc/utmp is larger than your license allows, your machine will IMMEDIATELY shutdown and (from looking at the source; I haven't tried it) not go multi-user again. So we can't run xterm suid root.

On all of our Suns, however, /etc/utmp is world read/writable. We don't need to run xterm suid root.

I don't think that this is a big problem, but it would be nice (love that passive voice) if it were printed in BIG, BOLD letters in the installation instructions.

Brian
brsmith@umn-cs.cs.umn.edu
gordonp@oblio.UUCP (Gordon Prieur) (02/21/89)
In article <8902191022.AA28931@sunchat.sun.oz>, richb@sunchat.UUCP (Rich Burridge) writes:
> Why is xterm suid? As far as I can tell nothing breaks if it is NOT
> suid and if it IS suid it sometimes doesn't work if the effective uid
> is not equal to the real uid.
>

If xterm isn't suid, it can have trouble opening pseudo ttys. If the ptty is both readable and writeable, the xterm will succeed. If not, it will silently fail. This is the only problem I've found with an xterm which wasn't suid.

Gordon Prieur
Acer Counterpoint
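
Added example, not part of any post in this thread: a small Python model of the three things the replies say xterm uses root for (writing /etc/utmp, opening the pseudo-tty, and chown/chmod of the pseudo-tty), evaluated for a setuid-root and a non-setuid xterm. The `FileInfo` type, the function names, the uid/gid values and both sample hosts are constructed for illustration, and the ownership rule is a simplification.

```python
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result: mode bits, owner uid, owner gid.
FileInfo = namedtuple("FileInfo", "mode uid gid")

def permitted(info, uid, gids, bit_user, bit_group, bit_other):
    """Classic Unix access check; uid 0 bypasses the permission bits."""
    if uid == 0:
        return True
    if info.uid == uid:
        return bool(info.mode & bit_user)
    if info.gid in gids:
        return bool(info.mode & bit_group)
    return bool(info.mode & bit_other)

def can_read(info, uid, gids):
    return permitted(info, uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)

def can_write(info, uid, gids):
    return permitted(info, uid, gids, stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)

def xterm_capabilities(euid, gids, utmp, pty):
    """What an xterm running with effective uid `euid` is able to do."""
    return {
        # The pseudo-tty must be readable and writable, or xterm fails silently.
        "open_pty": can_read(pty, euid, gids) and can_write(pty, euid, gids),
        # Needed for who(1), w(1) and finger(1) to see the session.
        "update_utmp": can_write(utmp, euid, gids),
        # Simplification: only root or the current owner can chown/chmod the pty.
        "own_pty": euid == 0 or pty.uid == euid,
        # Cost of the world-writable setup: any user can edit login records.
        "utmp_world_writable": bool(utmp.mode & stat.S_IWOTH),
    }

# Constructed samples (not taken from any real host); all files owned by root.
SUN_STYLE = dict(utmp=FileInfo(0o666, 0, 0), pty=FileInfo(0o666, 0, 0))
LOCKED_DOWN = dict(utmp=FileInfo(0o644, 0, 0), pty=FileInfo(0o600, 0, 0))

if __name__ == "__main__":
    for name, files in (("sun-style", SUN_STYLE), ("locked-down", LOCKED_DOWN)):
        for euid in (1001, 0):  # 1001: non-setuid xterm; 0: setuid-root xterm
            print(name, euid, xterm_capabilities(euid, [100], **files))
```

On the sun-style sample the non-setuid xterm opens the pty and updates utmp but cannot take ownership of the pty, and the report flags that utmp is writable by every user.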