Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!elroy.jpl.nasa.gov!decwrl!deccrl!news.crl.dec.com!shlump.nac.dec.com!netrix.nac.dec.com!lan_csse From: lan_csse@netrix.nac.dec.com (CSSE LAN Test Account) Newsgroups: comp.windows.x Subject: Re: Xterm cannot write log files Message-ID: <22173@shlump.nac.dec.com> Date: 18 Apr 91 20:52:43 GMT References: <9104100652.AA06486@lightning.McRCIM.McGill.EDU> <1991Apr10.222541.14268@ux1.cso.uiuc.edu> Sender: news@shlump.nac.dec.com Organization: Digital Equipment Lines: 35 In article <1991Apr10.222541.14268@ux1.cso.uiuc.edu> phil@ux1.cso.uiuc.edu (Phil Howard KA9WGN) writes: >mouse@lightning.mcrcim.mcgill.EDU (der Mouse) writes: > >>> Is there any pressing reason for xterm to be suid root ? > >>Not unless you want utmp entries for your xterm windows. (Unless you >>make utmp world-writeable, which opens up other, fairly serious, >>security holes, but that may be acceptable in trusting environments.) > >An alternate strategy that involves UNIX's "philosophy" of having extra >processes: There's an alternate Unix philosophy, that of using group permissions, that just might do the job. /etc/utmp is usually in the system group. So why not make it group writable, and make xterm setgid-system? This seems like the way things really oughta be done, and you do away with yet another spuriously-setuid-root program. I think I'll try it on a few systems, and see what breaks... ...Nope, nothing broke. I started up a bunch of windows to/from this system, did an assortment of rlogins, and so on, verified that the new windows corresponded to entries in /etc/utmp, and everything seems to work fine. When I type ls -ldg /etc/utmp `which xterm` the result is: -rw-rw-r-- 1 root system 1512 Apr 18 16:47 /etc/utmp -rwxr-sr-x 1 root system 387072 Aug 31 1990 /usr/bin/X11/xterm So I'd conclude that, unless I've missed something suble, setuid-root isn't necessary for xterm, and setgid-system suffices, if all the appropriate files are in the system group and are group writable. It might help if we could get a definitive list of just what files xterm wants to write. Now if such a demo only worked so well for sendmail, which really *really* shouldn't be setuid-root but almost always is...