Hi,
We have a bug in one of our applications which allows application users to start unix commands with application UID, and of course xterminals. Any ideas how to find out which terminals have been started without authorisation using this bug?
Thanks,
Slava
PS: OS is Solaris 8
Start by obtaining the process id (PID) and parent process id (PPID) for each xterm that is running, crosscheck the PPID against your applications process ids (PIDs). If you find a match your application has started (forked) the xterm so you can terminate it with SIGKILL (kill -9 PID of xterm;).
You should also be able to find out the DISPLAY that the xterm is running against and start your own X program to warn of illegal use etc
Why not restrict permissions for xterm (etc) and use SUDO to control access to it?