Date: Sat, 17 Oct 1998 09:52:44 +1000
From: David Dawes <dawes@rf900.physics.usyd.edu.au>
To: andrew@squiz.co.nz, security@FreeBSD.ORG
Subject: Re: X allows ordinary user to read first line of any file
Message-ID: <19981017095244.E24991@rf900.physics.usyd.edu.au>
In-Reply-To: <Pine.BSF.4.01.9810161756550.706-100000@aniwa.sky>; from Andrew McNaughton on Fri, Oct 16, 1998 at 06:08:02PM +1300
References: <Pine.BSF.4.01.9810161756550.706-100000@aniwa.sky>
On Fri, Oct 16, 1998 at 06:08:02PM +1300, Andrew McNaughton wrote:
>
> found this on http://www.hoobie.net/security/exploits/
>
> joeuser@host$ X -config /etc/master.passwd
> Unrecognized option: root:yd0Rj.v.r1wKA:0:0::0:0:Charlie
> use: X [:<display>] [option]
> .
> .
> .
>
> I'm sure there's other files where this can be a problem, but in the case
> of the password file it seems wise to have a dummy entry as the first line
> of the master.passwd file.

To put this problem into perspective, if you're running an XFree86 server
with this bug, then it is old enough to have some much more serious security
problems. That includes at least one that a local user can use to get root.
That particular one only relies on the server running as root and not on it
being set-uid root. Most of these bugs are not XFree86-specific, and will be
present in any server based closely enough on the X11R6.x releases that have
the same bugs.

For details on the bugs found and fixed since XFree86 3.3.2 was released, see
the XFree86 security advisories at:

ftp://ftp.xfree86.org/pub/XFree86/Security/

All of the problems mentioned there are fixed in XFree86 3.3.2.3.

David

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
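The bug in the quoted exploit is a set-uid root X server opening a user-chosen `-config` path with root privileges and then echoing the file's first line in its "Unrecognized option" diagnostic. As an added example, which is not XFree86 code and not part of this thread, the C below shows the two defensive measures such a program needs: open the configuration file with the invoking user's real privileges, so a file the user may not read cannot be opened at all, and cap and sanitize whatever the diagnostic echoes. All function names, the `/tmp` sample path and the sample file content are this example's own assumptions.

```c
/* Added example (not XFree86 code): defensive handling of a user-supplied
 * -config path in a set-uid root program. All names here are this example's. */
#define _GNU_SOURCE
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Open path with the real user's privileges, not root's. Returns an fd, or
 * -1 with errno set (EACCES when the invoking user may not read the file).
 * In a program that is not set-uid, real and effective uid are equal and the
 * seteuid calls are no-ops. */
static int open_as_real_user(const char *path)
{
    uid_t euid = geteuid();
    int fd, saved;

    if (seteuid(getuid()) != 0)          /* temporarily drop privileges */
        return -1;
    fd = open(path, O_RDONLY | O_NOFOLLOW);
    saved = errno;
    if (seteuid(euid) != 0)              /* restore; failure is fatal */
        abort();
    errno = saved;
    return fd;
}

/* Read the first line of a config file into buf (newline stripped).
 * Returns 0 on success, -1 if the user's own privileges cannot open it. */
int read_first_config_line(const char *path, char *buf, size_t buflen)
{
    int fd = open_as_real_user(path);
    FILE *fp;

    if (fd < 0)
        return -1;
    if ((fp = fdopen(fd, "r")) == NULL) { close(fd); return -1; }
    if (fgets(buf, (int)buflen, fp) == NULL)
        buf[0] = '\0';
    fclose(fp);
    buf[strcspn(buf, "\r\n")] = '\0';
    return 0;
}

/* Build the "Unrecognized option" diagnostic without echoing arbitrary data:
 * at most MAX_ECHO characters, non-printables replaced by '?', truncation
 * marked with "...". Returns a pointer to a static buffer. */
#define MAX_ECHO 16
const char *unrecognized_message(const char *opt)
{
    static char msg[64];
    char shown[MAX_ECHO + 4];
    size_t i, n = strlen(opt), keep = n < MAX_ECHO ? n : MAX_ECHO;

    for (i = 0; i < keep; i++)
        shown[i] = isprint((unsigned char)opt[i]) ? opt[i] : '?';
    shown[keep] = '\0';
    if (n > MAX_ECHO)
        strcat(shown, "...");
    snprintf(msg, sizeof msg, "Unrecognized option: %s", shown);
    return msg;
}

/* Constructed sample: write a one-line config file under /tmp and return
 * its path (caller frees and unlinks). Exists only to exercise the above. */
char *write_sample_config(const char *first_line)
{
    char *path = strdup("/tmp/xconfig_exampleXXXXXX");
    int fd = mkstemp(path);
    if (fd < 0) { free(path); return NULL; }
    if (write(fd, first_line, strlen(first_line)) < 0 || write(fd, "\n", 1) < 0) {
        close(fd); unlink(path); free(path); return NULL;
    }
    close(fd);
    return path;
}

/* Runs both scenarios; returns 2 when a readable file yields its first line
 * and an unopenable path is rejected instead of leaking anything. */
int self_check(void)
{
    char line[256];
    char *path = write_sample_config("Section \"Files\"");
    int ok = 0;

    if (path == NULL)
        return -1;
    if (read_first_config_line(path, line, sizeof line) == 0 &&
        strcmp(line, "Section \"Files\"") == 0)
        ok++;
    unlink(path); free(path);
    if (read_first_config_line("/nonexistent/dir/xconfig_example", line, sizeof line) == -1)
        ok++;
    return ok;
}

int main(void)
{
    printf("self_check: %d\n", self_check());
    printf("%s\n", unrecognized_message("root:x:0:0::0:0:Charlie"));
    return 0;
}
```

The privilege drop around `open()` is the actual fix for the leak described in the thread; the echo cap is defence in depth only, since a set-uid program should never assume its diagnostics are harmless to print. The test below constructs its own temporary file, so it does not touch any real password file.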