Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!uwm.edu!spool.mu.edu!think.com!snorkelwacker.mit.edu!shelby!leland.Stanford.EDU!baroque.Stanford.EDU!jim
From: jim@baroque.Stanford.EDU (James Helman)
Newsgroups: comp.sys.sgi
Subject: Re: /usr/bin/under
Message-ID: <JIM.91Mar2144703@baroque.Stanford.EDU>
Date: 2 Mar 91 20:47:03 GMT
References: <MCCALPIN.91Feb28153337@pereland.cms.udel.edu> <88458@sgi.sgi.com>
Sender: news@leland.Stanford.EDU (Mr News)
Distribution: usa
Organization: Stanford University
Lines: 24
In-Reply-To: rpw3@rigden.wpd.sgi.com's message of 1 Mar 91 22:29:30 GMT


   You lose the ability to log the user session in /etc/utmp and
   /etc/wtmp, and thus lose the ability to "see" the user with "w" and
   "who". Depending on your taste, this may or may not be a worse
   security problem than having "xterm" be setuid root.

The security loss from this is minimal as a user can inhibit utmp
logging by invoking xterm with the '-ut' switch.  As far as I know,
xterm does not log to wtmp at all.

Another problem (which also occurs under SunOS) is that if xterm is
not setuid root, the root ownership and 666 mode of the pty are not
changed.  This breaks mesg(1) and biff(1) and allows any user to read
or write to your pty.  This does does have some security ramifications.

On the other hand, I don't know of any security holes in xterm related
to it being setuid root.

-jim

Jim Helman
Department of Applied Physics			Durand 012
Stanford University				FAX: (415) 725-3377
(jim@KAOS.stanford.edu) 			Work: (415) 723-9127