In message <Pine.LNX.4.03.9811081750370.13094-100000at_private>, Adrian Voin ea writes: > Hello, > > XFree86 3.3.2's setup tool 'xf86config', when it runs 'X -probeonly > -pn -xf86config /tmp/XF86Config.tmp' creates 2 files with mode 644 in > /tmp, XF86Config.tmp and dumbconfig.2 and then erases them: > ... Etc. Is this really a problem? On my system, at least (BSD/OS 4.0), xf86config isn't setuid, so there's only an issue if someone privileged runs it. (If that's not the case, then there's a deeper underlying security problem.) And xf86config is the sort of program that one would run when a machine is being set up, not when it's open to general users.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:30 PDT