[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-devel
Subject: Re: Debian X package shouldn't install XDM by default
From: Branden Robinson <branden () debian ! org>
Date: 2001-04-17 20:49:58
[Download RAW message or body]
On Tue, Apr 17, 2001 at 04:36:58PM +0200, Bernd Eckenfels wrote:
> On Tue, Apr 17, 2001 at 12:35:16PM +0400, Ilya Martynov wrote:
> > xdm is started from init scripts, suid X server started by user.
> > In fisrt case program is started in relatively safe environment, in
> > second case environment can be very hostile.
>
> Actually the /usr/bin/X Program is a wrapper and not a X Server. xdm had
> some (remote) exploits, so I would not consider it equally safe to
> X-Wrapper.
xdm doesn't listen on TCP ports by default anymore, so this is somewhat
mitigated..
--
G. Branden Robinson | It's not a matter of alienating authors.
Debian GNU/Linux | They have every right to license their
branden@debian.org | software however we like.
http://www.debian.org/~branden/ | -- Craig Sanders, in debian-devel
[Attachment #3 (application/pgp-signature)]
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic