> Both of these require all X servers (and servers for the other services > you mention later) run with sufficient privileges). The first opens up > a DoS for servers that don't have sufficient privileges. XFree86, for > example, ships with three "servers" that are not normally run with > sufficient privileges (lbxproxy, Xnest, Xvfb). I'd rather have my Xservers setgid X11 than totally insecure. There are neat Linux solutions with the non fs name space but setgid X11 appears to be the requirement for safe server side creation. Is setgid X11 a problem, given the worst gaining it can do is to leave you back where we are right now ?
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:21:57 PDT