Path: utzoo!attcan!uunet!ns-mx!iowasp.physics.uiowa.edu!maverick.ksu.ksu.edu!zaphod.mps.ohio-state.edu!rpi!uupsi!sunic!news.funet.fi!hydra!poros!kankkune
From: kankkune@cs.Helsinki.FI (Risto Kankkunen)
Newsgroups: comp.windows.x
Subject: Security problem with X11R4
Message-ID: <9166@hydra.Helsinki.FI>
Date: 19 Nov 90 13:51:15 GMT
Sender: news@cs.Helsinki.FI
Organization: University of Helsinki, Department of Computer Science
Lines: 16


Some time ago I posted a message asking, is it sensible that the X
programs get built with relative library paths in them. I did't see any
follow-ups on that and only got one reply by e-mail, from Per Hedeland.
We discussed the matter with Per, and he tested whether my concerns
were justified. It turned out that I was right:

     Anyone can gain root access within a few minutes
     on systems with X11R4 built in the standard way.

Is this a known problem and I should shut up?

Risto
 Risto Kankkunen                   kankkune@cs.Helsinki.FI (Internet)
 Department of Computer Science    rkankkunen@finuh         (Bitnet)
 University of Helsinki, Finland   ..!mcvax!uhecs!kankkune   (UUCP)