From owner-cvs-all Sun Apr 30 1:28:20 2000 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 08DC137BC61; Sun, 30 Apr 2000 01:28:18 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id BAA15029; Sun, 30 Apr 2000 01:28:17 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Sun, 30 Apr 2000 01:28:17 -0700 (PDT) From: Kris Kennaway To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/x11/XFree86-4 Makefile In-Reply-To: <200004300821.BAA14444@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, 30 Apr 2000, Kris Kennaway wrote: > Modified files: > x11/XFree86-4 Makefile > Log: > Mark FORBIDDEN due to the root hole in the X server reported on Bugtraq. > I've tried *multiple* times to talk to an XFree86 developer about the > problem, but they haven't deigned to respond to me. Probably the best thing we could do is to add back Xwrapper support to the port - for some reason which can only be described (a priori) as idiotic, the XFree86 guys decided to remove Xwrapper (which is what prevents XFree86-3.x from being vulnerable to this hole) and make the X server itself setuid root again. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message