Path: utzoo!attcan!uunet!wuarchive!sdd.hp.com!ucsd!pacbell.com!att!emory!ra!Ra.MsState.Edu!fwp1
From: fwp1@CC.MsState.Edu (Frank Peters)
Newsgroups: comp.windows.x
Subject: Security Hole in setuid xterm
Message-ID: <FWP1.91Feb6083843@Jester.CC.MsState.Edu>
Date: 6 Feb 91 14:38:43 GMT
Sender: usenet@ra.MsState.Edu
Distribution: comp
Organization: Computing Center, Mississippi State University
Lines: 15
Nntp-Posting-Host: jester.cc.msstate.edu

Hello,

Could someone send me the exact nature of the known security problems
with a setuid xterm under SunOS (4.1 in our case)?  Specifically I'd
like to know if a statically linked xterm eliminates this problem (I
believe it is related to fooling shared libraries)?

We have problems with unwanted talk requests on our central server,
but users can't use mesg from an xterm (because device ownership isn't
changed from root to the user).

FWP
--
Frank Peters   Internet:  fwp1@CC.MsState.Edu         Bitnet:  FWP1@MsState
               Phone:     (601)325-2942               FAX:     (601)325-8921