Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: xfs.txt

XFS Bug




Bug in xfs

Lukasz Trabinski (lukasz@LT.WSISIZ.EDU.PL)
Tue, 30 Mar 1999 00:14:34 +0200 

Hello,

I hope that's information will be useful for making new patch for
XFree86.

I found bug in xfs

(Packet XFree86-xfs-3.3.3.1-1 in RedHat 5.1 and probably in RedHat 5.2
updates, too)
Xfs is a font server for XFree86, it's also create directory in /tmp
That directory name .font-unix

Let's make a little check:

On first console (I logged as a normal user)

[lukasz@lt /tmp]$ cat /etc/shadow
cat: /etc/shadow: Permission denied

[lukasz@lt /tmp]$ ls -all /etc/shadow
-r--------   1 root     root          544 Mar 30 00:04 /etc/shadow

[lukasz@lt /tmp]$ ll
total 2
drwxrwxrwt   2 root     root         1024 Mar 30 00:05 .
drwxr-xr-x  18 root     root         1024 Mar 23 00:10 ..
lrwxrwxrwx   1 lukasz   users          11 Mar 30 00:05 .font-unix ->
/etc/shadow

On second console, as root

[root@lt /root]# xfs &
[1] 2021
[root@lt /root]# _FontTransSocketCreateListener: failed to bind listener
_FontTransSocketUNIXCreateListener: ...SocketCreateListener() failed
_FontTransMakeAllCOTSServerListeners: failed to create listener for local


On first console:

[lukasz@lt /tmp]$ ls -all /etc/shadow
-rwxrwxrwt   1 root     root          544 Mar 30 00:04 /etc/shadow
^^^^^^^^^^^
That's all ;)

Solution, As root before run xfs, make rm -rf /tmp/.font-unix


Sorry for my broken English ;(


                    _[   Lukasz Trabinski   ]_
PgP Key: finger:lukasz@oceanic.wsisiz.edu.pl, SysAdmin @wsisiz.edu.pl

-----------------------------------------------------------------------

Re: Bug in xfs

Matthieu Herrb (matthieu@laas.fr)
Wed, 31 Mar 1999 08:04:17 +0200 

You wrote (in your message from Tuesday 30)
 >
 > I hope that's information will be useful for making new patch for
 > XFree86.
 >
 > I found bug in xfs


This is caused by the same bug in xc/lib/xtrans that "in.telnetd"
<telnetd@DOEMILL.SHOCKING.COM> reported under the subject "X11R6 NetBSD
Security Problem" last week.

The patch I submitted (with stat() replaced by lstat(), as noted by
Kevin Vajk and other) also fixes that.
--
                                        Matthieu

-----------------------------------------------------------------------

Re: Bug in xfs

Juha Virtanen (jiivee@iki.fi)
Wed, 31 Mar 1999 09:38:28 +0300 

Regardless of the bug Lukasz Trabinski found in xfs -- it should
be fixed and similar bugs traced from other software as well --
it is not necessary to run xfs with root permissions at all.

Someone may unknowingly argue that it needs to listen a port.
Yes, but that's usually port 7100, and as it's not under 1024
limit, so root permission isn't needed.

I've run xfs for ages on separate account. below is the
significant startup line I use in RedHat 5.x systems:

daemon /bin/su fontsvr -c "/usr/X11/bin/xfs -config /etc/X11/fs/config -port 7100 &"

The rule is: if a daemon can do its work with lower permissions
than root, it should.

I do also run named as nonroot permissions (Startup
/usr/sbin/named -u user -g group). I recommend other people
doing this as well.


Juha Virtanen
--
<URL:http://www.iki.fi/jiivee/>

-----------------------------------------------------------------------

Re: Bug in xfs

Alan Cox (alan@LXORGUK.UKUU.ORG.UK)
Wed, 31 Mar 1999 10:25:07 +0100 

> I do also run named as nonroot permissions (Startup
> /usr/sbin/named -u user -g group). I recommend other people
> doing this as well.

This isnt one to do blindly as it means named cannot bind to interfaces
that appear dynamically (eg as a DNS cache on a terminal server). The
fact that you end up having to run named as root or with the relevant
capability to allow it to bind to low ports.

Alan

-----------------------------------------------------------------------

Re: Bug in xfs

Roman Drahtmueller (draht2@RZLIN1.RUF.UNI-FREIBURG.DE)
Wed, 31 Mar 1999 05:10:14 +0200 

[snip]
> [lukasz@lt /tmp]$ ls -all /etc/shadow
> -r--------   1 root     root          544 Mar 30 00:04 /etc/shadow
[snip]
> [root@lt /root]# xfs &
[snip]
> [lukasz@lt /tmp]$ ls -all /etc/shadow
> -rwxrwxrwt   1 root     root          544 Mar 30 00:04 /etc/shadow
[snip]
> Solution, As root before run xfs, make rm -rf /tmp/.font-unix

For sure this needs to be fixed. Your "solution" introduces a race
condition, though, if the font server is started when users are
allowed to log on.

A better interim aid is not to run xfs as root in the first place. In
fact, why would one want to run things as root if not necessary?

Roman.
Computer Center University of Freiburg, Germany.
"The whole world is about three drinks behind."  (Humphrey Bogart)



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH