Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!amdcad!ames!mailrus!tut.cis.ohio-state.edu!allosaur.cis.ohio-state.edu!bob
From: bob@allosaur.cis.ohio-state.edu (Bob Sutterfield)
Newsgroups: comp.windows.x
Subject: Re: making xload(1) susceptible to kill(1) by the invoker
Message-ID: <23160@tut.cis.ohio-state.edu>
Date: 30 Sep 88 21:11:30 GMT
References: <23067@tut.cis.ohio-state.edu> <19880930162408.7.RWS@KILLINGTON.LCS.MIT.EDU>
Sender: news@tut.cis.ohio-state.edu
Organization: The Ohio State University Dept of Computer & Information Science
Lines: 40

In article <19880930162408.7.RWS@KILLINGTON.LCS.MIT.EDU> RWS@ZERMATT.LCS.MIT.EDU (Robert Scheifler) writes:
>
>    Date: 30 Sep 88 15:55:43 GMT
>    From: allosaur.cis.ohio-state.edu!bob@ohio-state.arpa  (Bob Sutterfield)

How did that "ohio-state.arpa" get in there?  There's no such thing
any more!

>
>    + 	    setuid(getuid());
>
>Umm, putting this in the middle of a widget's code (that might
>be embedded in an arbitrary application) is NOT reasonable.

My rationale was that any application that uses that widget would need
to be setuid root (or at least setgid kmem), and it would be
appropriate for that application to setuid back to its invoker, so why
not do it in the widget?

But perhaps that's too much of an assumption at the widget level.  I
have repented, and backed that change out of my libXaw, and changed my
xload thusly instead:

*** clients/xload/xload.c~	Thu Feb 25 23:54:25 1988
--- clients/xload/xload.c	Fri Sep 30 15:37:23 1988
***************
*** 59,63 ****
--- 59,64 ----
      XtSetArg (arg, XtNlabel, host);
      XtCreateManagedWidget ("load", loadWidgetClass, toplevel, &arg, 1);
      XtRealizeWidget (toplevel);
+     setuid(getuid());
      XtMainLoop();
  }

Is that a more tasteful way of going about it?
-=-
Zippy sez,								--Bob
You should all JUMP UP AND DOWN for TWO HOURS while I decide
 on a NEW CAREER!!