SUMMARY: suid bit on xterm/shelltool/cmdtool

From: Brian T. Wightman (wightman@sol.acs.uwosh.edu)
Date: Thu Jun 15 1995 - 07:53:10 CDT


Sorry for the delay on this summary.

Original question:
> Date: Wed, 03 May 1995 08:26:39 CDT
> To: sun-managers@ra.mcs.anl.gov
> From: "Brian T. Wightman" <wightman@sol.acs.uwosh.edu>
> Subject: suid bit on xterm/shelltool/cmdtool
>
> Hi all,
>
> I am trying to set up xterm/shelltool/cmdtool so that the ownership of a
> tty is changed to the person using the program. This will allow things
> like "mesg n", etc to work. I know that you can set the suid bit on an
> xterm and it will do this. I now have a couple of questions...
>
> 1) Are there any problems that anyone knows about with setting the
> suid bit on xterm (this is the one distributed with openwindows
> 3.0 and openwindows recommended patches)? I am looking for
> security considerations and other "quirks".
>
> 2) Can the same thing be done with shelltool/cmdtool (again, OW3.0
> with recommended patches)? I tried on an isolated box and when
> it was suid, it would not even execute. I got the following
> error:
>
> A command window has exited because its child exited.
> Its child's process id was 8572 and it exited with return code 1.
>
> Configuration is SunOS 4.1.3/OW 3.0 with all recommended patches.
>
> I could switch all users to xterms, but I have too many users that use
> shelltool/cmdtool.
>
> Thanks in advance,
> I will summarize (as is policy)
> Brian
>
> Brian T. Wightman wightman@sol.acs.uwosh.edu
> Academic Computing, UW-Oshkosh wightman@oshkoshw.bitnet
> 800 Algoma Blvd, Dempsey Hall 307 http://sol.acs.uwosh.edu/~wightman
> Oshkosh, Wisconsin 54901 Phone: (414) 424-3020

I would like to thank the following people for their help:

Brian Utterback <blu@mc.com>
Casper Dik <casper@Holland.Sun.COM>
Gene Rackow <rackow@mcs.anl.gov>
Glenn.Satchell@uniq.com.au (Glenn Satchell - Uniq Professional Services)
John Valdes <valdes@geosun.uchicago.edu>
barmar@near.net
bern@TI.Uni-Trier.DE (Jochen Bern)
citicds!cntower!arash@uunet.uu.net (Arash Jahangir)
sten@ergon.CH (Sten Gunterberg)

The overwhelming response was that unless I get the source for xterm
(from X11R6 or X11R5pl26 or greater) and compile it myself, I would be
open to problems. Shelltool and cmdtool are definitely not candidates
for this.

One further query - I ran some tests on the version of xterm bundled
with SunOS 4.1.3, and tried setting it suid root. Everything worked
fine, even to the point of not allowing logging if I did not have
permission to write to / create the log file that I passed on the
command line. If I had permission to write to the log file,
everything worked, which would be the correct behavior, I think. Am I
missing something here, or has Sun patched xterm and never let anyone
know about it...

Brian (caught up on summaries, I hope)

Brian T. Wightman wightman@sol.acs.uwosh.edu
Academic Computing, UW-Oshkosh wightman@oshkoshw.bitnet
800 Algoma Blvd, Dempsey Hall 307 http://sol.acs.uwosh.edu/~wightman
Oshkosh, Wisconsin 54901 Phone: (414) 424-3020
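
[Added example, not part of the original message and not xterm or Sun source code. A black-box test like the one in the last paragraph cannot tell a setuid program that checks permission and then opens the log file as root from one that opens it with the invoking user's identity; only the second leaves no gap between check and use. The C code below shows that second approach; the helper name open_log_as_real_user is hypothetical.]

```c
#define _XOPEN_SOURCE 700   /* seteuid(), O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper for a setuid-root program: open a user-named log
 * file with the permissions of the user who started the program.
 * Returns a file descriptor, or -1 with errno set. */
int open_log_as_real_user(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err;

    /* Drop the group first, then the user: once the effective uid is
     * no longer root we may not be allowed to change the group. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        return -1;

    /* The kernel applies the real user's permissions to the open
     * itself, so there is no earlier check that can go stale.
     * O_NOFOLLOW refuses a symlink as the last path component;
     * O_NONBLOCK keeps a FIFO from hanging the open. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_NONBLOCK,
              0600);
    err = errno;

    /* Log only to regular files, never devices or FIFOs. */
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        fd = -1;
        err = EINVAL;
    }

    /* Restore the saved effective ids for the rest of the program. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = err;
    return fd;
}
```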



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:27 CDT