260 – should xterm be suid?

Bug 260 - should xterm be suid?

Summary: should xterm be suid?

Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	distribution
Sub Component:	(Show other bugs)
Version:	5.2
Hardware:	i386 Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	David Lawrence
QA Contact:
Docs Contact:
URL:
Whiteboard:
Keywords:	Security
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	1998-12-02 12:05 UTC by ian.clark
Modified:	2008-05-01 15:37 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	1998-12-02 16:14:31 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description ian.clark 1998-12-02 12:05:24 UTC

I have just installed redhat 5.2 and noticed that xterm was
running as root. Upon looking in /usr/X11R6/bin in noticed
there a number of files set as suid is this correct?

The files affected are :-

kterm
nxterm
seyon
xbill
xhextris
xscreensaver
and xterm
also (but i'm not sure about) XConsole and XWrapper.

Ian

Comment 1 Bill Nottingham 1998-12-02 16:14:59 UTC

XConsole, kterm, nxterm, xterm are suid to log to utmp/wtmp.
xscreensaver is setuid to read shadow passwords.
(this will be changed in a future release...)
xbill & xhextris are set(u|g)id *games* to read/write score files.
XWrapper is suid so the X server isn't. :)

Note You need to log in before you can comment on or make changes to this bug.