Re: libX11 overflow continued....

Lamont Granquist (lamontg@HITL.WASHINGTON.EDU)
Fri, 30 May 1997 05:38:50 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Hedley: "Re: libX11 overflow continued...."
Previous message: David Hedley: "libX11 overflow continued...."
Maybe in reply to: David Hedley: "libX11 overflow continued...."
Next in thread: David Hedley: "Re: libX11 overflow continued...."

On Fri, 30 May 1997, David Hedley wrote:
> Set the environment variable XAPPLRESDIR to be your home directory (you
> will only have to do this if it is already pointing somewhere else, or
> you have set some of the other X resource enviroment variables like
> XUSERFILESEARCHPATH), and then run xterm. xterm will then segmentation
> fault/bus error etc.

Joe Zbiciak's wrapper almost protects against this. It nukes XAPPLRESDIR,
XUSERFILESEARCHPATH and any environment variables that aren't in a small
set of approved ones (I had to add DISPLAY to this list). The problem is
that xterm will still pick up ~/XTerm anyway on the machine I tested this
on (varies based on configuration? anyone know offhand how to configure
it to not do this?). However, it does protect against, say ~/foobar/XTerm
with XAPPLRESDIR pointing to ~/foobar.

I tested this on an R5k O2 Irix 6.3.

Of course this probably just moves the buffer overflow into xrdb -merge,
(correct, David?)

--
Lamont Granquist <lamontg@hitl.washington.edu> (206)616-1469 fax:(206)543-5380
Human Interface Technology Lab.  University of Washington.  Seattle, WA
PGP pubkey: finger lamontg@near.hitl.washington.edu

Next message: David Hedley: "Re: libX11 overflow continued...."
Previous message: David Hedley: "libX11 overflow continued...."
Maybe in reply to: David Hedley: "libX11 overflow continued...."
Next in thread: David Hedley: "Re: libX11 overflow continued...."