security problem in xdm(1) of MIT X and dxsession(1) of DECwindows

USENET News System news at zgdvda.UUCP
Thu Apr 13 00:15:51 AEST 1989


On Ultrix-32 3.0, unlike login(1) or su(1), dxsession(1) has a long life and
keeps a user's plain-text password in its stack area. Unfortunately, the
password will not be destroyed after authentication, even after the user has
logged out. Since the /dev/mem file is readable by everybody on Ultrix (sigh!),
the password could be obtained by scanning the /dev/mem file for some specific
string patterns.

I don't know if DECwindows on VMS has the same problem. However, by looking
up the source code (with patch[1-9]) of X11R3 from MIT, it seems that xdm(1)
has a similar problem.

Ning Zhang
<zhang at zgdvda.uucp>
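
The residue described in the post, next to the usual fix of overwriting the buffer as soon as the check is done, as an added C example (not code from dxsession, xdm or the original post). The function names, the stand-in password check and the sample password are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Overwrite n bytes through a volatile pointer so the compiler cannot
 * discard the stores as dead writes to a buffer that is never read again. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Hypothetical stand-in for the real check; a login path would compare
 * a crypt(3) hash rather than plaintext. */
static int check_password(const char *typed, const char *expected) {
    return strcmp(typed, expected) == 0;
}

/* Pattern from the post: the plaintext stays in the buffer after the
 * check, for as long as the process keeps that memory. */
int authenticate_leaky(char *buf, size_t len, const char *expected) {
    (void)len;
    return check_password(buf, expected);
}

/* Hardened form: the buffer is wiped whether or not the check succeeds. */
int authenticate_wiped(char *buf, size_t len, const char *expected) {
    int ok = check_password(buf, expected);
    secure_wipe(buf, len);
    return ok;
}

/* Returns 1 if any non-zero byte is left in the buffer, 0 otherwise. */
int has_residue(const char *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (buf[i]) return 1;
    return 0;
}

int main(void) {
    char a[32] = "constructed-pw";   /* constructed sample password */
    char b[32] = "constructed-pw";
    authenticate_leaky(a, sizeof a, "constructed-pw");
    authenticate_wiped(b, sizeof b, "constructed-pw");
    printf("leaky residue: %d, wiped residue: %d\n",
           has_residue(a, sizeof a), has_residue(b, sizeof b));
    return 0;
}
```

Wiping only helps if every copy is covered: input-library buffers and any temporaries made during the check need the same treatment.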


