[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: X server security problem

> Recently a security problem which allows any user to overwrite any file 
> was pointed out in the linux-security mailing list. This problem is 
> caused partly by the X servers being installed SUID root.
> The a.out versions of the Debian X server packages (currently in the 
> 'stable' tree on ftp.debian.org) have this problem.  I recommend that you 
> remove the SUID bit on the server by doing the following:
> chmod u-s /usr/X11R6/bin/XF86_*

[ Klippa, klapp, kluppit ]

> Steve Early
> sde1000@cam.ac.uk

Hmm. I did "chmod u-s /usr/X11R6/bin/XF86_S3", then when I tried to run 
"startx" (as myself, not root) it said the server had to be suid root.

So either I don't run X or I have this security problem. 

Does anybody have an idea when the server packages will be updated?

Suspicions aboad,


Reply to: