Newsgroups: comp.windows.x
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!news.cs.indiana.edu!ux1.cso.uiuc.edu!phil
From: phil@ux1.cso.uiuc.edu (Phil Howard KA9WGN)
Subject: Re: Xterm cannot write log files
Message-ID: <1991Apr10.222541.14268@ux1.cso.uiuc.edu>
Organization: University of Illinois at Urbana
References: <9104100652.AA06486@lightning.McRCIM.McGill.EDU>
Date: Wed, 10 Apr 1991 22:25:41 GMT
Lines: 34

mouse@lightning.mcrcim.mcgill.EDU (der Mouse) writes:

>> Is there any pressing reason for xterm to be suid root ?

>Not unless you want utmp entries for your xterm windows.  (Unless you
>make utmp world-writeable, which opens up other, fairly serious,
>security holes, but that may be acceptable in trusting environments.)

An alternate strategy that involves UNIX's "philosophy" of having extra
processes:

Write a root program called xutmp or something like that.  When xterm
is going to otherwise exec the shell in its child under conditions it
would update utmp, it should instead exec xutmp.  What xutmp will do
is update the utmp, fork again and exec the shell, and wait for the
shell to exit.  When the shell exits, update utmp and exit back to
xterm.

It would be YET ANOTHER PROCESS, but it seems often that UNIX programmers
are already rather liberal with processes, so only the critics of such
programmers should complain (I'm not sure if I am or not).

xutmp would have to be smart enough to deal with cases of whether or not
utmp already reflects an entry for the same tty, and NOT make any updates if
that is the case (and it can bypass the fork in that case as well).
That would prevent some user messing up utmp.

Then xterm could run as owned by the user (and those of us without root
ids can kill all those errant xterms that seem to hang around all the time).
-- 
 /***************************************************************************\
/ Phil Howard -- KA9WGN -- phil@ux1.cso.uiuc.edu                              \
\ Lietuva laisva -- Brivu Latviju -- Eesti vabaks                             /
 \***************************************************************************/
