Date: Fri, 26 Jul 2002 00:39:48 +0100 From: Andrew Boothman <andrew@cream.org> To: David Schultz <dschultz@uclink.Berkeley.EDU> Cc: Erik Trulsson <ertr1013@student.uu.se>, "Maxim M. Kazachek" <stranger@sberbank.sibnet.ru>, stable@FreeBSD.ORG Subject: Re: X not suid root in 4.6.1-RC2? Message-ID: <3D408C44.3080708@cream.org> References: <20020725103641.U18384-100000@sbk-gw.sibnet.ru> <3D3F7AF3.8030202@cream.org> <20020725041956.GA75402@falcon.midgard.homeip.net> <20020725112036.GB4236@HAL9000.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
David Schultz wrote: >It isn't (shouldn't be) a dependency because you don't need it if >you're running xdm from init. IIRC, the wrapper was split into a >separate package for this reason. Moreover, if there is a locally >exploitable vulnerability in the X server, installing the suid >wrapper could potentially open a security hole. When you install >X from ports, you get a big flashy notice telling you about the >wrapper, and that should be good enough. > I understand the need to avoid installing suid binaries wherever possible, it is just slightly confusing that as a non-xdm user it's never explained what you need to do to get X working after you install it. I think it'd be nice if sysinstall told you, or if xinit understood what is needed if the X server isn't suid root. Thanks for everyone's help, I'll see if I can find a way to make this a little clearer for new users. Andrew. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D408C44.3080708>