[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian X package shouldn't install XDM by default



On Tue, Apr 17, 2001 at 04:36:58PM +0200, Bernd Eckenfels wrote:
> On Tue, Apr 17, 2001 at 12:35:16PM +0400, Ilya Martynov wrote:
> > xdm is started from init scripts, suid X server started by user.
> > In fisrt case program is started in relatively safe environment, in
> > second case environment can be very hostile.
> 
> Actually the /usr/bin/X Program is a wrapper and not a X Server. xdm had
> some (remote) exploits, so I would not consider it equally safe to
> X-Wrapper.

xdm doesn't listen on TCP ports by default anymore, so this is somewhat
mitigated..

-- 
G. Branden Robinson             |   It's not a matter of alienating authors.
Debian GNU/Linux                |   They have every right to license their
branden@debian.org              |   software however we like.
http://www.debian.org/~branden/ |   -- Craig Sanders, in debian-devel

Attachment: pgpKwtvxHMnxc.pgp
Description: PGP signature


Reply to: