Date:      Wed, 13 Sep 2000 12:09:37 -0700 (PDT)
From:      Kris Kennaway <kris@FreeBSD.org>
To:        Ade Lovett <ade@FreeBSD.org>
Cc:        Yukihiro Nakai <nakai@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: ports/x11/gdm - Imported sources
Message-ID:  <Pine.BSF.4.21.0009131208080.13640-100000@freefall.freebsd.org>
In-Reply-To: <20000913111908.T61662@FreeBSD.org>

On Wed, 13 Sep 2000, Ade Lovett wrote:

> On Thu, Sep 14, 2000 at 01:07:02AM +0900, Yukihiro Nakai wrote:
> > Sorry I didn't know it's still such a headache.
> > 
> > I think many users want to use gdm even if it works only on a
> > standalone machine, so how about setting it broken and warning users
> > that it's very exploitable, or should I delete it all until a more
> > secure gdm is released?
> 
> At the bare minimum, I would suggest doing something similar to
> ports/x11/XFree86-4, which pops up a dialog box warning that
> gdm may contain vulnerabilities leading to local root compromise
> (I don't think it was ever remote-rootable, but I could be wrong).

I believe it was, if configured to listen on the network. I'm not sure if
that is the default or not. Probably the thing to do is to check the
Bugtraq archives for known problems and/or the Linux security advisories
about it, and then make an appropriate warning.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>


