Bugtraq mailing list archives

Re: XFree86 insecurity


From: slapic () FIDO HU (Czako Krisztian)
Date: Sat, 22 Nov 1997 02:50:31 +0100



On Fri, 21 Nov 1997, shegget wrote:

> Program:   XF86_*, the XFree86 servers (XF86_SVGA, XF86_VGA16, ...)
> Version:   Tested on XFree86 3.3.1 (current), 3.2.9 and 3.1.2.
>            Other versions as well.
> OS:        All

Except Debian Linux, where the X servers aren't setuid root!

> Impact:    The XFree86 servers let you specify an alternate configuration
>            file and do not check whether you have rights to read it.
>            Any user can read files with root permissions.

One more reason to use Debian :)

On my Debian 1.3.1 + hamm upgrade (XFree86 3.3.1):
bash-2.00$ ls -l /usr/X11R6/bin/X*
-rwsr-xr-x   1 root     root         4728 Oct 18 06:58 /usr/X11R6/bin/X
-rwxr-xr-x   1 root     root       820544 Jun 20 16:41 /usr/X11R6/bin/XF86Setup
-rwxr-xr-x   1 root     root      2313580 Jul 17 15:33 /usr/X11R6/bin/XF86_S3
-rwxr-xr-x   1 root     root      1816864 Jun 20 16:41 /usr/X11R6/bin/XF86_VGA16

bash-2.00$ cd /usr/X11R6/bin/
bash-2.00$ ./X
X: you are not authorised to run the X server

bash-2.00$ dpkg -S /usr/X11R6/bin/X
xbase: /usr/X11R6/bin/X

So I suggest using this wrapper on all systems where possible.
Another solution can be running xdm and making xdm start the X server.
In this case you don't need the X server to be setuid root.

Slapic



