#7112 - xterm: xterm is setuid root - Debian Bug report logs

Debian Bug report logs - #7112
xterm: xterm is setuid root

Reported by: Matt Zimmerman <[email protected]>

Date: Tue, 4 Feb 1997 20:03:03 UTC

Severity: normal

Fixed in version xfree86-1/3.3.4-1

Done: Branden Robinson <[email protected]>

Bug is archived. No further changes may be made.

Subject: Bug#7112: xterm is unnesesary suid to root
Reply-To: Ian Jackson <[email protected]>, [email protected]
Resent-From: Ian Jackson <[email protected]>
Resent-To: [email protected]
Resent-CC: Stephen Early <[email protected]>
Resent-Date: Sun, 09 Feb 1997 18:45:53 GMT
Resent-Message-ID: <[email protected]>
Resent-Sender: [email protected]
Message-Id: <[email protected]>
Date: Fri, 7 Feb 97 18:59 GMT
From: Ian Jackson <[email protected]>
To: [email protected]

Bo Branten: > In debian xterm is suid to root. There are no reason for that since it can > get write access to the neded log files (/var/log/wtmp, /var/log/lastlog > and /var/run/utmp) with a proper sgid and group write access for the > log files. No, xterm needs to be setuid root in order to do tty/pty allocation in a way that results in a secure session inside the xterm. When a general solution to this problem is available then xterm should use it, but until then it should remail setuid root. I'm retitling this bug and merging it with #988, in which I reported that `script' is insecure (because it isn't setuid root - and isn't written to be - and so can't do proper pty allocation). Ian.

Debian bug tracking system administrator <[email protected]>. Last modified: Fri Jun 6 06:15:11 2025; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Debian Bug report logs - #7112 xterm: xterm is setuid root

Debian Bug report logs - #7112
xterm: xterm is setuid root