[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian X package shouldn't install XDM by default

>> One advantage is better security. You don't need suid X server
>> binary. X server needs root right to be able to work with you graphic
>> card. If you use xdm it starts X server itself. Because xdm runs as
>> root it can start X server as root without making X server binary
>> suid. If you start X server via startx your X server binary have to be
>> suid.

P> I don't see an advantage there, if you have to run xdm as root,
P> then your security can be compromised by xdm.

xdm is started from init scripts, suid X server started by user.
In fisrt case program is started in relatively safe environment, in
second case environment can be very hostile.

-- 
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Ilya Martynov (http://martynov.org/)                                    |
| GnuPG 1024D/323BDEE6 D7F7 561E 4C1D 8A15 8E80  E4AE BE1A 53EB 323B DEE6 |
| AGAVA Software Company (http://www.agava.com/)                          |
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Reply to: