[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-devel
Subject:    Re: Debian X package shouldn't install XDM by default
From:       Branden Robinson <branden () debian ! org>
Date:       2001-04-17 20:49:58
[Download RAW message or body]

On Tue, Apr 17, 2001 at 04:36:58PM +0200, Bernd Eckenfels wrote:
> On Tue, Apr 17, 2001 at 12:35:16PM +0400, Ilya Martynov wrote:
> > xdm is started from init scripts, suid X server started by user.
> > In fisrt case program is started in relatively safe environment, in
> > second case environment can be very hostile.
> 
> Actually the /usr/bin/X Program is a wrapper and not a X Server. xdm had
> some (remote) exploits, so I would not consider it equally safe to
> X-Wrapper.

xdm doesn't listen on TCP ports by default anymore, so this is somewhat
mitigated..

-- 
G. Branden Robinson             |   It's not a matter of alienating authors.
Debian GNU/Linux                |   They have every right to license their
branden@debian.org              |   software however we like.
http://www.debian.org/~branden/ |   -- Craig Sanders, in debian-devel

[Attachment #3 (application/pgp-signature)]
-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


[prev in list] [next in list] [prev in thread] [next in thread]