Re: X server security problem

To: sde1000@cam.ac.uk (Stephen Early)
Cc: debian-user@Pixar.com (Debian user mailing list)
Subject: Re: X server security problem
From: martin.stromberg@lu.erisoft.se (Martin Str|mberg)
Date: Wed, 7 Feb 1996 17:41:37 +0100 (MET)
Message-id: <[🔎] 9602071641.AA12815@mars.lu.erisoft.se>
In-reply-to: <Pine.LNX.3.91.960131141419.14067E-100000@myrddin.chu.cam.ac.uk> from "Stephen Early" at Jan 31, 96 04:06:22 pm

> 
> Recently a security problem which allows any user to overwrite any file 
> was pointed out in the linux-security mailing list. This problem is 
> caused partly by the X servers being installed SUID root.
> 
> The a.out versions of the Debian X server packages (currently in the 
> 'stable' tree on ftp.debian.org) have this problem.  I recommend that you 
> remove the SUID bit on the server by doing the following:
> 
> chmod u-s /usr/X11R6/bin/XF86_*
> 

[ Klippa, klapp, kluppit ]

> Steve Early
> sde1000@cam.ac.uk
> 
> 

Hmm. I did "chmod u-s /usr/X11R6/bin/XF86_S3", then when I tried to run 
"startx" (as myself, not root) it said the server had to be suid root.

So either I don't run X or I have this security problem. 

Does anybody have an idea when the server packages will be updated?


Suspicions aboad,

						MartinS

Reply to:

Follow-Ups:
- Re: X server security problem
  - From: Stephen Early <sde1000@cam.ac.uk>

Prev by Date: hi!
Next by Date: Re: X server security problem
Previous by thread: Re: hi!
Next by thread: Re: X server security problem
Index(es):
- Date
- Thread