There is presently at least one hole in the X11 libraries (a buffer
overflow) being passed around in hacker circles. This buffer overrun
makes it possible to exploit any setuid program for X11 (e.g. xterm)
user set to; xterm (and others) give root.
A temporary fix is to remove the setuid bit on all X11 executables;
the following statement will find them
> find /usr/X11R6 -perm -4000 -print
unless somebody has installed them in /usr/local/bin - hopefully not.
The following statement will remove the bits (untested) - and you
_will_ loose functionality on it:
> find /usr/X11R6 -perm -4000 -exec chmod u-s \{\} \;
This will _not_ remove group vulnerabilities. Remember that running
an X-server locally is not required to be vulnerable; all non-patched
servers able to run xterm are vulnerable.
Hopefully XFree will provide replacement libraries soon; if not, I'll
try to do it, but I'm not presently equipped to compile new libraries
for all FreeBSD versions. (The XFree liason is Cc:'ed - can you
comment on this, Rich?)
Eivind.