Hello,
For a few weeks now, the XFree86 CVS has included a new utility
``luit'' under xc/programs/luit.
Luit does not cause any obvious security issues on systems with SVR4
ptys (SVR4, Linux 2.2 with libc 2.1.0 or later). On systems without
SVR4 ptys, however, luit falls back to using BSD ptys. If it is run
as an ordinary user, luit is unable to set the pty's permissions (this
is an intrinsic limitation of BSD ptys).
On such systems, luit should be run suid root. While I have tried to
make this secure, I am a perfect newbie as far as security is
concerned, and would be very, very grateful if somebody competent
could go search through luit's startup code for security issues.
(In 4.2.0, luit will *not* be installed suid root. Hopefully somebody
can confirm that making luit suid root is safe in time for 4.3.0.)
There is an additional issue: luit will only accept to run as root on
systems with _POSIX_SAVED_IDS defined, as these are the only systems
on which I know how to reliably drop priviledges. I am told that this
is not the case of FreeBSD, which provides different (non-POSIX) means
of dropping priviledges. Thus, I would be grateful if some FreeBSD
person could add the necessary support. This should be a simple
matter: just add a suitable version of ``droppriv'' in luit/sys.c.
Thanks a lot,
Juliusz
_______________________________________________
Xpert mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/xpert
