Xorg 7 - various comments

Ag Hatzim zkom.xl at gmail.com
Tue Apr 4 23:50:08 PDT 2006

DJ Lucas(dj at linuxfromscratch.org)@Tue, Apr 04, 2006 at 09:29:47PM -0500:
> Chris Staub wrote:
> >1. Xorg-cf-files and imake do not need the "--with-config-dir" option - 
> >${prefix}/lib/X11/config is the default.
> >
> I'm going to have to look into that further.  I've disposed of what 
> notes I had on it.  It was put in IIRC to do with a problem with xmkmf. 
>  I can not see how the default will not work, so it probably is 
> unnecessary.
Chris is right about that one,i was also left out the "--with-config-dir"
option,and the files went under /usr/lib/X11/config

[439](~)cat LBFS/blfs/X/xorg-cf-files-1.0.1-20060329_alphabetical 

> >
> > Also,and i don't know if this happened to any of you,but i found many 
> > reports in the google plus is also mentioned in the xorg's developer
> > guide,the xorg server doesn't installed as SUID root ( i was using
> > sudo).

> [dj at name1 bootscripts]# ls -l /usr/X11R6/bin/Xorg
> -rws--x--x  1 root root 2085770 Mar  5 13:07 /usr/X11R6/bin/Xorg
> [dj at name1 bootscripts]# ls -l /media/lfs/usr/bin/Xorg
> -rwsr-xr-x  1 root root 7262992 Mar 25 10:23 /media/lfs/usr/bin/Xorg

> I do script the build as the root user.

Yes if you run the build as root,but not as a normal user.

Copy from the wiki-developers page.

Post-build configuration.
In addition to the usual Xorg configuration steps, make sure the server
was installed SUID root. This should happen automatically if you tell
the build script to use sudo, but if make install runs as a normal user
then this won't happen automatically. To do this:

$ su
Password: <enter your root password here>
# chown root /tmp/modular/bin/Xorg
# chmod 4711 /tmp/modular/bin/Xorg
# exit

I run the "make install" with sudo,but still the xorg server is not
installed suid root,as a result i couldn't login to X.

In addition and relative to this issue,a vulnerability has been found in
the X.Org server [1],because the Xorg server is installed setuid root.
The 1.0.2 release is not vulnerable,however the patch for 6.9.0 [2] should
be put in the book.

1. http://wiki.x.org/wiki/SecurityPage
2. http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9.0-geteuid.diff

More information about the blfs-dev mailing list