[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: XFree86 insecurity (abc123)
From:       Czako Krisztian <slapic () FIDO ! HU>
Date:       1997-11-25 0:23:06
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----


[Your antispam program is a bit too paranoid I think...]

On Fri, 21 Nov 1997, shegget wrote:

> Program:   XF86_*, the XFree86 servers (XF86_SVGA, XF86_VGA16, ...)
> Version:   Tested on XFree86 3.3.1 (current), 3.2.9 and 3.1.2.
>            Other versions as well.
> OS:        All

Except Debian Linux, where the X servers aren't setuid root!

> Impact:    The XFree86 servers let you specify an alternate configuration
>            file and do not check whether you have rights to read it.
>            Any user can read files with root permissions.

One more reason to use Debian :)

On my Debian 1.3.1 + hamm upgarde (XFree86 3.3.1):
bash-2.00$ ls -l /usr/X11R6/bin/X*
- -rwsr-xr-x   1 root     root         4728 Oct 18 06:58 /usr/X11R6/bin/X
- -rwxr-xr-x   1 root     root       820544 Jun 20 16:41 /usr/X11R6/bin/XF86Setup
- -rwxr-xr-x   1 root     root      2313580 Jul 17 15:33 /usr/X11R6/bin/XF86_S3
- -rwxr-xr-x   1 root     root      1816864 Jun 20 16:41 /usr/X11R6/bin/XF86_VGA16

bash-2.00$ cd /usr/X11R6/bin/
bash-2.00$ ./X
X: you are not authorised to run the X server

bash-2.00$ dpkg -S /usr/X11R6/bin/X
xbase: /usr/X11R6/bin/X

So I suggest using this wrapper on all systems where possible.
Another solution can be running xdm, and make xdm to start the X server.
In this case you don't need the X server to be setuid root.

Slapic

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1

iQCVAgUBNHoMXj1bHc+WqbNdAQFrswP/dhLdRcZaL0JhLuVK6poEZpMRZBPsm8Vl
M9Vftgw7gPz5pNEXxeDjlKUcA8iMPFIuTCATOy/iwo9WmOEPikfW8vT07zts9RiY
Wkvxt92PiCUKLsiQBY09iqN//vJBnPdH/mktKKYP8vsxdqJmlrVJWJIFlUTLoh+b
pGqPUkaM+lY=
=0LDg
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]