Bug#442879: x11-common: /usr/bin/X drops privileges too early
On Mon, Sep 17, 2007 at 18:33:32 +0200, Brice Goglin wrote:
> Mario 'BitKoenig' Holbe wrote:
> > Hello,
> > the new X version seems to drop privileges a little too early when it
> > gets started with -xf86config:
> This is on purpose, for security reasons. Upstream X.org enables the use
> of any file as a custom config file. But the server outputs the first
> broken line in the parse error in the log. It makes it possible to any
> user to read the first line of whichever file in the system by just
> passing it to the X server through -config or -xf86config.
> So -config and -xf86config are modified in Debian to only accepts custom
> config files in /etc/X11. You didn't have the problem with 7.2-5 because
> we only modified -config. Now we modify -xf86config too since the same
> security issue exists there too.
That's not exactly true. Upstream Xorg allows -config/-xf86config for
non-root with files under /etc/X11/ (given with a relative path), while
the Debian wrapper drops privileges when these options are used, without
looking at their argument.
Maybe we should change this, but otoh I'm not sure all files under
/etc/X11/ should be allowed (/etc/X11/Xwrapper.config, e.g., is only
readable by root).