Date: Tue, 23 Jan 1996 13:00:56 +0000 () From: Dmitry Kohmanyuk <dk@dog.farm.org> To: freebsd-security@freebsd.org Subject: rxvt security hole - proposed fix + more Message-ID: <199601231300.PAA00906@dog.farm.org>
next in thread | raw e-mail | index | archive | help
since now everybody probably knows about it, I wouldn't explain
(just go to linux.announce ;-))
What I have done on my system is make rxvt setgid tty instead of
suid root and make /var/run/wtmp and /var/log/wtmp group-writeable tty.
This also requires modifying /etc/rc:
(cd /var/run && { rm -rf -- *; cp /dev/null utmp; chgrp tty utmp; chmod 664 utmp; })
and adding this line /etc/monthly:
chgrp tty wtmp; chmod g+w wtmp
If you think that tty is a wrong group for user accounting files, it can be
changed to some other one.
in my 2.0.5 system, only these programs are setgid tty:
/usr/bin/wall
/usr/bin/write
/sbin/dump
/sbin/rdump
/sbin/restore
/sbin/rrestore
(not including screen and rxvt, which I have made setgid tty by hand instead
of setuid root).
And yes I know rxvt have to be fixed to drop its privileges when using
-print-pipe anyway.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199601231300.PAA00906>