Re: X server security problem
>
> Recently a security problem which allows any user to overwrite any file
> was pointed out in the linux-security mailing list. This problem is
> caused partly by the X servers being installed SUID root.
>
> The a.out versions of the Debian X server packages (currently in the
> 'stable' tree on ftp.debian.org) have this problem. I recommend that you
> remove the SUID bit on the server by doing the following:
>
> chmod u-s /usr/X11R6/bin/XF86_*
>
[ Klippa, klapp, kluppit ]
> Steve Early
> sde1000@cam.ac.uk
>
>
Hmm. I did "chmod u-s /usr/X11R6/bin/XF86_S3", then when I tried to run
"startx" (as myself, not root) it said the server had to be suid root.
So either I don't run X or I have this security problem.
Does anybody have an idea when the server packages will be updated?
Suspicions aboad,
MartinS
Reply to: