On Fri, 21 Nov 1997, shegget wrote:

> Program: XF86_*, the XFree86 servers (XF86_SVGA, XF86_VGA16, ...)
> Version: Tested on XFree86 3.3.1 (current), 3.2.9 and 3.1.2.
> Other versions as well.
> OS: All Except Debian Linux, where the X servers aren't setuid root!
> Impact: The XFree86 servers let you specify an alternate configuration
> file and do not check whether you have rights to read it.
> Any user can read files with root permissions.

One more reason to use Debian :)
On my Debian 1.3.1 + hamm upgrade (XFree86 3.3.1):

bash-2.00$ ls -l /usr/X11R6/bin/X*
-rwsr-xr-x 1 root root 4728 Oct 18 06:58 /usr/X11R6/bin/X
-rwxr-xr-x 1 root root 820544 Jun 20 16:41 /usr/X11R6/bin/XF86Setup
-rwxr-xr-x 1 root root 2313580 Jul 17 15:33 /usr/X11R6/bin/XF86_S3
-rwxr-xr-x 1 root root 1816864 Jun 20 16:41 /usr/X11R6/bin/XF86_VGA16
bash-2.00$ cd /usr/X11R6/bin/
bash-2.00$ ./X
X: you are not authorised to run the X server
bash-2.00$ dpkg -S /usr/X11R6/bin/X
xbase: /usr/X11R6/bin/X

So I suggest using this wrapper on all systems where possible.
Another solution can be running xdm, and making xdm start the X server.
In this case you don't need the X server to be setuid root.

Slapic
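The three layouts the message distinguishes (setuid XF86_* servers, a setuid X wrapper in front of non-setuid servers, and nothing setuid when xdm starts the server) can be told apart with a short audit script. This is an added example, not part of the original message; the function names are hypothetical and the file names follow the listing above.

```shell
#!/bin/sh
# Added example: classify how the X servers in a directory are privileged.
# File names (X, XF86_*) follow the listing in the message above;
# the function names are hypothetical.

# Print every XF86_* server binary in directory $1 that has the setuid bit.
# XF86Setup has no underscore after "XF86" and is deliberately not matched.
setuid_servers() {
    find "$1" -maxdepth 1 -type f -name 'XF86_*' -perm -4000 -print | sort
}

# Classify directory $1:
#   direct-setuid  at least one XF86_* server is setuid (the affected layout)
#   wrapper        only the small X front end is setuid (the Debian layout)
#   no-setuid      nothing is setuid (e.g. the server is started by xdm)
x_layout() {
    dir=$1
    if [ -n "$(setuid_servers "$dir")" ]; then
        echo direct-setuid
    elif [ -u "$dir/X" ]; then
        echo wrapper
    else
        echo no-setuid
    fi
}

# When run with a directory argument, report the layout and any setuid servers.
if [ $# -gt 0 ]; then
    echo "layout: $(x_layout "$1")"
    setuid_servers "$1"
fi
```

Run it as `sh audit_x.sh /usr/X11R6/bin`; a result of `direct-setuid` lists the server binaries that still run with the file owner's privileges.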