Package: xbase
Version: 3.2-1.1
In Debian xterm is suid to root. There is no reason for that since it can
get write access to the needed log files (/var/log/wtmp, /var/log/lastlog
and /var/run/utmp) with a proper sgid and group write access for the
log files.
A program should never be suid if it can be done with just sgid.
/Bo Branten
Subject: Bug#7112: xterm is unnecessarily suid to root
Date: Fri, 7 Feb 97 18:59 GMT
Bo Branten:
> In Debian xterm is suid to root. There is no reason for that since it can
> get write access to the needed log files (/var/log/wtmp, /var/log/lastlog
> and /var/run/utmp) with a proper sgid and group write access for the
> log files.
No, xterm needs to be setuid root in order to do tty/pty allocation in
a way that results in a secure session inside the xterm.
When a general solution to this problem is available then xterm should
use it, but until then it should remain setuid root.
I'm retitling this bug and merging it with #988, in which I reported
that `script' is insecure (because it isn't setuid root - and isn't
written to be - and so can't do proper pty allocation).
Ian.
This is an automated message sent to all bugs older than one year.
This bug is very old. Please take a look at it and see if you can fix it.
If it has already been fixed, please close it.
If you have problems fixing it or if you don't have the time to fix it,
please ask the people on [email protected] for help, so that
at least the oldest bugs can be solved before Debian 2.0 is released.
Remco Blaakmeer
reassign 7112 xbase
--
This bug was assigned to "general" and hence was getting completely
forgotten about. I'm reassigning it back to xbase, since that is where
the complaint lies. If this has been solved, please close this bug.
Brian
( [email protected] )
-------------------------------------------------------------------------------
Touch passion when it comes your way. It's rare enough as it is;
don't walk away when it calls you by name. -- Marcus (Babylon 5)
We believe that the bug you reported is fixed in the latest version of
xfree86-1, which has been installed in the Debian FTP archive:
Note that this package is not part of the released stable Debian
distribution. It may have dependencies on other unreleased software,
or other instabilities. Please take care if you wish to install it.
The update will eventually make its way into the next released Debian
distribution.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Branden Robinson <[email protected]> (supplier of updated xfree86-1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Format: 1.6
Date: Wed, 25 Aug 1999 21:16:27 -0500
Source: xfree86-1
Binary: xfree86-common xserver-i128 xserver-common xlib6 xext xserver-xsun xserver-svga xmh xprt xserver-8514 xterm xbase xserver-p9000 xsm xserver-tga twm xlib6g-dev xlib6-static xserver-agx xf86setup xserver-mach64 rstart xserver-vga16 xlib6g-static xserver-s3 xserver-fbdev rstartd xdm xlib6g xserver-mach8 xserver-xsun24 xserver-xsun-mono xfs xnest xlib6-altdev xbase-clients xserver-3dlabs xserver-mono xvfb xserver-w32 xserver-s3v xserver-mach32 xproxy
Architecture: source i386 all
Version: 3.3.4-1
Distribution: unstable
Urgency: low
Maintainer: Branden Robinson <[email protected]>
Description:
rstart - remote start client
rstartd - remote start daemon
twm - Tab window manager
xbase - XFree86 upgrade convenience package
xbase-clients - miscellaneous X clients
xdm - X display manager
xext - extensions to X servers
xf86setup - X server configuration tools
xfree86-common - X Window System (XFree86) infrastructure
xfs - X font server
xlib6 - shared libraries required by libc5 X clients
xlib6-altdev - include files and libraries for libc5 X client development
xlib6-static - statically linked versions of the libraries in xlib6
xlib6g - shared libraries required by X clients
xlib6g-dev - include files and libraries for X client development
xlib6g-static - statically linked versions of the libraries in xlib6g
xmh - X interface to MH mail system
xnest - nested X server
xproxy - X proxy services
xprt - X print server
xserver-3dlabs - X server for 3DLabs GLINT and Permedia-based graphics cards
xserver-8514 - X server for ATI 8514/A-based graphics cards
xserver-agx - X server for IBM XGA and IIT AGX-based graphics cards
xserver-common - files and utilities common to all X servers
xserver-fbdev - X server for framebuffer-based graphics drivers
xserver-i128 - X server for Number Nine Imagine 128 graphics cards
xserver-mach32 - X server for ATI Mach32-based graphics cards
xserver-mach64 - X server for ATI Mach64-based graphics cards
xserver-mach8 - X server for ATI Mach8-based graphics cards
xserver-mono - X server for monochrome graphics cards and/or monitors
xserver-p9000 - X server for Weitek P9000-based graphics cards
xserver-s3 - X server for S3 chipset-based graphics cards
xserver-s3v - X server for S3 ViRGE and ViRGE/VX-based graphics cards
xserver-svga - X server for SVGA graphics cards
xserver-vga16 - X server for VGA graphics cards
xserver-w32 - X server for Tseng ET4000/W32 and ET6000-based graphics cards
xsm - X session manager
xterm - X terminal emulator
xvfb - virtual framebuffer X server
Closes: 7112 16350 28582 33129 41229 41375 42536 42606
Changes:
xfree86-1 (3.3.4-1) unstable; urgency=low
.
* New upstream version.
* Upstream moved the X library manpages to the second source tarball, so
this source package no longer builds the xmanpages package.
* patches #000,000a,001,004,005,006,007,013,014 regenerated against new
upstream source (000-007 thanks to Adam Heath)
* old patches #002,003,012,016,017,018,019 are now upstream; deleted
* old patch #011 now unneeded (xterm now setgid utmp)
* old patch #015 dropped; upstream now recognizes ru_SU locale as
obsolete; not sure if ru_SU should really be an alias for ru_RU.KOI8-R
anyway
* old patch #018a dropped due to changes in upstream mach64im.c
* patch #000a: explicitly turn off 77C32 accelerated framebuffer support
for m68k
* patch #000b: do not attempt to build in the doc/ or fonts/ directories
* patch #001a: started to split non-server SPARC Linux support patches off
* patch #008: re-generated against new upstream source; dropped patches
to mach64im.c; endianness awareness is now present upstream, though
implemented differently
* patch #009: Tom Dickey's xterm patch #113
* patch #011: changed Imakefiles to work around alleged egcs optimization
breakage of netscape (Adam Heath)
* patch #012: more careful handling of xauth cookies (Closes: #16350)
* patch #015: renumbered from 018b
* patch #016: renumbered from 020
* patch #017: renumbered from 021 and un-preprocessed
* patch #018: renumbered from 022
* patch #019: renumbered from 023
* patch #020: renumbered from 024
* patch #021: patch from Ryuichi Arafune to xc/lib/X11/imDefIm.c
* patch #022: patch from Changwoo Ryu to xc/nls/XLC_LOCALE/ko
* patch #023: correct paths to utmp and wtmp files in xterm manpage
(Closes: #41229)
* debian/control:
- removed xmanpages control data
- bumped all dependencies on xserver-common to (>= 3.3.4)
- twm Provides: x-window-manager (Closes: #28582)
- xbase-clients Depends: cpp (xrdb needs it) (Closes: #42606)
- xbase-clients Conflicts: xaw-wrappers (<< 0.90) per Joey Hess
(Closes: #41375)
- updated xext extended description with new supported XInput devices
- xfree86-common Replaces: xmanpages (<< 3.3.4-1)
- xterm Provides: x-terminal-emulator (Closes: #33129)
* debian/copyright:
- updated to version 3.3.4
- All changes to XFree86 are copyright Software in the Public Interest,
Inc., and licensed under MIT terms unless otherwise noted.
* debian/create-indep-xfree86-common:
- install X, XConsortium, XStandards, and Xsecurity manpages borrowed
from xfree86-2 source package
- get rid of X.1x manpage; it's fine as X.3x
* debian/create-indep-xmanpages: deleted
* debian/libc5.{Imakefile,site.def,xfree86.cf}.diff: new files; new way
of handling build changes for libc5 compatibility packages
* debian/libc5.site.def.diff: #define BaseShLibReqs -lc even though the
comments in config/cf/lnxLib.rules say not to; the omission is actually
for pathological cases like people trying to use X clients with shared
profiling versions of libc5; since that is really damn unlikely on
potato Debian boxen, and since we need the linker to find the right C
Library in our multiple-libc environment, we go where angels fear to
tread and switch on -lc for the libc5-compatibility X libraries.
Besides, turning on -lc is Policy.
* debian/rules:
- s/\$\(dpkg/$(shell dpkg/ ARCH handling has been busted for ages because
of this (Adam Heath)
- New DEB_BUILD_* cross-compiling setup was messing up the tests for
building libc5. Fixed in debian/scripts/archmap. archmap is only
used to simplify the tests in the rules file for libc5 builds. Also,
for unknown hysterical reasons, DEB_BUILD_* uses i386, but we need
/usr/i486-linuxlibc1/bin, and archmap takes care of this. (Adam Heath)
- conditionalized some copying of xterm stuff so it doesn't presume Thomas
Dickey's patches have been applied
- stampdir targets should only depend on other stampdir targets (Adam
Heath)
- copy and patch files that need to change for the libc5 build, instead
of the old way of having old files lying around in debian/
* debian/setperms: removed reference to create-indep-xmanpages
* debian/shlibs.local: bumped up to 3.3.4-1
* debian/scripts/*: some cosmetic and very minor functional changes
* debian/twm/postinst: add update-alternatives for x-window-manager
* debian/twm/prerm: new file; add update-alternatives for x-window-manager
* debian/xbase-clients/prerm: new file; moved update-alternatives call
from postrm to here
* debian/xdm/README.Debian: updated to reflect Xaccess change
* debian/xdm/Xaccess: turned off all remote XDMCP access by default, for
paranoid security reasons; this will not affect people running xdm and
the X server on the same physical host
* debian/xfree86-common/FAQ:
- updated Project Athena info, thanks to Kevin Theobald
- added question about X servers that can't find the "fixed" font
* debian/xfree86-common/XFree86-FAQ.html: updated to latest version
* debian/xfree86-common/{X,XConsortium,XStandards,Xsecurity}.3x: manpages
borrowed from xfree86-2 source package
* debian/xfree86-common/Xsession: updated to use new alternatives
/usr/bin/x-window-manager and /usr/bin/x-terminal-emulator
* debian/xfree86-common/Xsession.5: update to reflect new Xsession
behavior
* debian/{xlib6,xlib6g}/shlibs: bumped up to 3.3.4-1
* debian/xserver-common/xserver-configure: fixed failure to actually
prompt whether the X server worked or not (thanks, Darren Stadler)
(Closes: #42536)
* debian/xterm/postinst:
- for systems with utmp group, install xterm setgid utmp, otherwise
setuid root (Closes: #7112,12261)
- add update-alternatives for x-terminal-emulator
* debian/xterm/prerm: add update-alternatives for x-terminal-emulator
Files:
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
reopen 7112 !
thanks
I noticed today that xterm on my system (Version: 3.3.4-1) is setuid
root:
-rwsr-xr-x 1 root root 182160 Aug 26 19:50 /usr/bin/X11/xterm
From /usr/doc/xterm/README.Debian:
--
Debian README for xterm package
By Branden Robinson
As of version 3.3.4-1, xterm logs to the wtmp and lastlog files. If you do
not have a utmp group on your system, xterm will be installed setuid root
instead of setgid utmp. xterm drops its root privileges after it
initializes, so if it is setuid this can result in corrupt wtmp entries.
The best thing to do is make a utmp group in /etc/group, or upgrade to
version 2.0.3.4 or later of the base-passwd package, so that you have a
utmp group.
--
I do have a utmp group on my system, yet xterm is still setuid root. xterm's
postinst contains the following snippet:
  # if utmp group exists, take advantage of it
  if members utmp; then
    XTERM_MODE=2755
    XTERM_GROUP=utmp
  else
    XTERM_MODE=4755
    XTERM_GROUP=root
  fi
I have no 'members' program on my system, nor do I know of one, so apparently
the script is deciding that I have no utmp group.
--
- Matt
On Sun, Aug 29, 1999 at 03:17:53AM -0400, Matt Zimmerman wrote:
> reopen 7112 !
> thanks
Please don't reopen the bug.
> I have no 'members' program on my system, nor do I know of one, so apparently
> the script is deciding that I have no utmp group.
Yes, that was my mistake, and will be fixed in the version I build today.
I went temporarily insane and assumed that a program as fundamental as
"members" was in an Essential package.
I will write an alternative method for grepping the utmp file for folks who
don't have members, and only then fall back to setuid root.
--
G. Branden Robinson | The greatest productive force is human
Debian GNU/Linux | selfishness.
[email protected] | -- Robert Heinlein
cartoon.ecn.purdue.edu/~branden/ |
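The failure mode discussed in the two messages above, next to a check that needs no optional tool, as an added example (not the xterm package's postinst and not the fix that was later uploaded). The function names, the group file contents and the command name `members-example-not-installed` are constructed stand-ins.

```shell
#!/bin/sh
# Added illustration; not the xterm package's maintainer script.

# Same shape as the quoted postinst test: the probe's exit status is the
# only input, so "probe not installed" (status 127) and "group absent"
# both end up in the setuid-root branch.
perms_from_probe() {
    if "$@" >/dev/null 2>&1; then
        echo "2755 utmp"
    else
        echo "4755 root"
    fi
}

# Exact match on the first colon-separated field of a group database,
# using shell builtins only.
# Returns 0 = group present, 1 = group absent, 2 = database unreadable.
group_exists() {
    _want=$1
    _file=${2:-/etc/group}
    [ -r "$_file" ] || return 2
    while IFS=: read -r _name _rest || [ -n "$_name" ]; do
        if [ "$_name" = "$_want" ]; then
            return 0
        fi
    done < "$_file"
    return 1
}

# Chooses mode and group from the group database itself. Refusing to
# choose when the database cannot be read is a design choice of this
# example, so that an unanswered question never selects setuid root.
perms_from_group_db() {
    _rc=0
    group_exists utmp "${1:-/etc/group}" || _rc=$?
    case $_rc in
        0) echo "2755 utmp" ;;
        1) echo "4755 root" ;;
        *) echo "cannot read group database" >&2; return 1 ;;
    esac
}

demo() {
    _db=$(mktemp) || return 1
    # Constructed sample: "utmpx" must not be mistaken for "utmp".
    printf '%s\n' 'root:x:0:' 'utmpx:x:99:' 'utmp:x:43:' > "$_db"
    echo "probe missing:  $(perms_from_probe members-example-not-installed utmp)"
    echo "group database: $(perms_from_group_db "$_db")"
    rm -f "$_db"
}
demo
```
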
This has been fixed for weeks. People will reopen bugs at the drop of a
hat but they're seldom as quick to close them when they're fixed. :-P
--
G. Branden Robinson | What influenced me to atheism was
Debian GNU/Linux | reading the Bible cover to cover.
[email protected] | Twice.
cartoon.ecn.purdue.edu/~branden/ | -- J. Michael Straczynski