From owner-freebsd-ports Fri Oct 27 15:41:37 2000 Delivered-To: freebsd-ports@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 74A2837B479; Fri, 27 Oct 2000 15:41:33 -0700 (PDT) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9RMhbb08627; Fri, 27 Oct 2000 15:43:37 -0700 (PDT) (envelope-from kris) Date: Fri, 27 Oct 2000 15:43:37 -0700 From: Kris Kennaway To: Carlos A M dos Santos Cc: Kris Kennaway , Satoshi - Ports Wraith - Asami , kris@FreeBSD.ORG, ports@FreeBSD.ORG, qa@FreeBSD.ORG, taguchi@tohoku.iij.ad.jp Subject: Re: Making XFree86-4 the default Message-ID: <20001027154337.A8619@citusc17.usc.edu> References: <20001026183207.A71629@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from casantos@cpmet.ufpel.tche.br on Fri, Oct 27, 2000 at 10:20:24AM +0000 Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Oct 27, 2000 at 10:20:24AM +0000, Carlos A M dos Santos wrote: > Well, in 4.1-RELEASE with XFree 3.3.6 it *is* doing something. Look at > /etc/pam.conf. Yes, it does in 3.3.6, we are talking about 4.0.x. > > Do we depend on the xwrapper by default yet, and not install the > > servers setuid root? > > The X server needs to be installed suid root only if you want it to be > started by ordinary users with "startx". XDM already starts the server as > root. The server doesn't use any authentication, PAM or whatever else, XDM > does. Again, I'm talking about the behaviour of the 4.0.x server. 3.3.6 was not installed setuid root, but had a setuid root wrapper which performed some amount of input validation, and was responsible for catching at least one server buffer overflow. 4.0.x removed that, although we now have an xwrapper port which should be used by default. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message