Xorg 7 - various comments

Dan Nicholson dbn.lists at gmail.com
Tue Apr 4 23:59:34 PDT 2006


On 4/4/06, Ag Hatzim <zkom.xl at gmail.com> wrote:
> Post-build configuration.
> In addition to the usual Xorg configuration steps, make sure the server
> was installed SUID root.

This is obviously very important.  Thanks for reporting, Ag.  This
should be in the book, ASAP.  I'll throw the text in tomorrow when I
add some other changes if no one else gets to it first.

> In addition and relative to this issue,a vulnerability has been found in
> the X.Org server [1],because the Xorg server is installed setuid root.
> The 1.0.2 release is not vulnerable,however the patch for 6.9.0 [2] should
> be put in the book.
>
> 1. http://wiki.x.org/wiki/SecurityPage
> 2. http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9.0-geteuid.diff

I noticed that too, and then forgot about it because I was using
1.0.2. :)  I'm going to open a bug about this.  Ag, do you know if
this affect XFree86-4.5.0, too?  I have no idea.

--
Dan



More information about the blfs-dev mailing list