Xorg 7 - various comments
dbn.lists at gmail.com
Tue Apr 4 23:59:34 PDT 2006
On 4/4/06, Ag Hatzim <zkom.xl at gmail.com> wrote:
> Post-build configuration.
> In addition to the usual Xorg configuration steps, make sure the server
> was installed SUID root.
This is obviously very important. Thanks for reporting, Ag. This
should be in the book, ASAP. I'll throw the text in tomorrow when I
add some other changes if no one else gets to it first.
> In addition and relative to this issue,a vulnerability has been found in
> the X.Org server ,because the Xorg server is installed setuid root.
> The 1.0.2 release is not vulnerable,however the patch for 6.9.0  should
> be put in the book.
> 1. http://wiki.x.org/wiki/SecurityPage
> 2. http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9.0-geteuid.diff
I noticed that too, and then forgot about it because I was using
1.0.2. :) I'm going to open a bug about this. Ag, do you know if
this affect XFree86-4.5.0, too? I have no idea.
More information about the blfs-dev