Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!ucbvax!bloom-beacon!LARRY.MCRCIM.MCGILL.EDU!mouse
From: mouse@LARRY.MCRCIM.MCGILL.EDU (der Mouse)
Newsgroups: comp.windows.x
Subject: Re: xterm is setuid - why? Dangerous?
Message-ID: <9004070510.AA18663@Larry.McRCIM.McGill.EDU>
Date: 7 Apr 90 05:10:15 GMT
Sender: daemon@athena.mit.edu (Mr Background)
Organization: The Internet
Lines: 31

> I am running Mit X11R4 on a sun 3/80, SunOs 4.0.3.
> I did the make and install as me, not as root.
> Xterm got installed setuid, owned by me.

> Why is it setuid?

So it can write the utmp entry, if nothing else - it expects to be
setuid root.

> Should it be setuid root?

Yes.

> Is this a security hole?

Probably not.  I can't be certain; (a) I don't know xterm and (b)
nothing the size of xterm is ever bug-free.

> Can I just run it non-setuid?

Certainly.  But you won't get utmp entries for your windows unless you
make utmp world-writable (or at least you-writable), which opens up
another security hole.  (Of course, depending on your environment, this
may not matter.)

					der Mouse

			old: mcgill-vision!mouse
			new: mouse@larry.mcrcim.mcgill.edu
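
Added example (not part of der Mouse's post, and not code from xterm or X11R4): a POSIX shell check that classifies the states the reply distinguishes, namely xterm setuid root, xterm setuid to some other owner (the poster's install), xterm not setuid, and utmp world-writable or not. The function names are made up for this example, and the two paths are supplied by the caller because their locations differ between systems.

```shell
#!/bin/sh
# Added example: audit the xterm/utmp permission states discussed above.
# Usage (paths are the caller's; none are assumed here):
#   audit /path/to/xterm /path/to/utmp

# has_perm FILE MODE: true if FILE has every permission bit in MODE set.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# owned_by_root FILE: true if FILE's owner is uid 0.
owned_by_root() {
    [ -n "$(find "$1" -prune -user 0 -print 2>/dev/null)" ]
}

# xterm_state FILE: prints not-setuid, setuid-root or setuid-nonroot.
xterm_state() {
    if ! has_perm "$1" 4000; then
        echo not-setuid
    elif owned_by_root "$1"; then
        echo setuid-root
    else
        echo setuid-nonroot
    fi
}

# utmp_state FILE: prints world-writable or restricted.
utmp_state() {
    if has_perm "$1" 0002; then echo world-writable; else echo restricted; fi
}

# audit XTERM UTMP: one-line verdict combining both states.
audit() {
    x=$(xterm_state "$1")
    u=$(utmp_state "$2")
    case "$x/$u" in
        */world-writable)
            echo "WARN: utmp is world-writable (xterm is $x)" ;;
        setuid-root/*)
            echo "OK: xterm is setuid root and utmp is not world-writable" ;;
        setuid-nonroot/*)
            echo "WARN: xterm is setuid but not owned by root; it expects setuid root" ;;
        *)
            echo "INFO: xterm is not setuid; expect no utmp entries for its windows" ;;
    esac
}
```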