From owner-freebsd-stable  Thu Jul 25 16:37: 4 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0455637B400
	for <stable@freebsd.org>; Thu, 25 Jul 2002 16:37:02 -0700 (PDT)
Received: from blueyonder.co.uk (pcow058o.blueyonder.co.uk [195.188.53.98])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1761143E5E
	for <stable@freebsd.org>; Thu, 25 Jul 2002 16:37:01 -0700 (PDT)
	(envelope-from andrew@cream.org)
Received: from pcow058m.blueyonder.co.uk ([127.0.0.1]) by blueyonder.co.uk  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Fri, 26 Jul 2002 00:37:00 +0100
Received: from cream.org (unverified [62.31.80.97]) by pcow058m.blueyonder.co.uk
 (Content Technologies SMTPRS 4.2.9) with ESMTP id <T5c50c10d36ac1785c31cb@pcow058m.blueyonder.co.uk>;
 Fri, 26 Jul 2002 00:37:00 +0100
Message-ID: <3D408C44.3080708@cream.org>
Date: Fri, 26 Jul 2002 00:39:48 +0100
From: Andrew Boothman <andrew@cream.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1a) Gecko/20020611
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Schultz <dschultz@uclink.Berkeley.EDU>
Cc: Erik Trulsson <ertr1013@student.uu.se>,
	"Maxim M. Kazachek" <stranger@sberbank.sibnet.ru>, stable@FreeBSD.ORG
Subject: Re: X not suid root in 4.6.1-RC2?
References: <20020725103641.U18384-100000@sbk-gw.sibnet.ru> <3D3F7AF3.8030202@cream.org> <20020725041956.GA75402@falcon.midgard.homeip.net> <20020725112036.GB4236@HAL9000.homeunix.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

David Schultz wrote:

>It isn't (shouldn't be) a dependency because you don't need it if
>you're running xdm from init.  IIRC, the wrapper was split into a
>separate package for this reason.  Moreover, if there is a locally
>exploitable vulnerability in the X server, installing the suid
>wrapper could potentially open a security hole.  When you install
>X from ports, you get a big flashy notice telling you about the
>wrapper, and that should be good enough.
>
I understand the need to avoid installing suid binaries wherever 
possible, it is just slightly confusing that as a non-xdm user it's 
never explained what you need to do to get X working after you install it.

I think it'd be nice if sysinstall told you, or if xinit understood what 
is needed if the X server isn't suid root.

Thanks for everyone's help, I'll see if I can find a way to make this a 
little clearer for new users.

Andrew.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message