Re: XFree86 insecurity (fwd)

To: Tommy Lakofski <tommy@88.net>
Cc: debian-user@lists.debian.org
Subject: Re: XFree86 insecurity (fwd)
From: Hamish Moffatt <hamish@debian.org>
Date: Sat, 22 Nov 1997 14:37:47 +1100
Message-id: <19971122143747.44054@yallara.cs.rmit.edu.au>
In-reply-to: <Pine.LNX.3.96.971121205822.6129A-100000@oi.88.net>; from Tommy Lakofski on Fri, Nov 21, 1997 at 09:02:11PM -0500
References: <Pine.LNX.3.96.971121205822.6129A-100000@oi.88.net>

On Fri, Nov 21, 1997 at 09:02:11PM -0500, Tommy Lakofski wrote:
> Anyone know if debian is vulnerable to this, given that the setuid
> /usr/X11R6/bin/X is a wrapper for the XFree86 server?
> 
> I'd like to know before I chmod u-s /usr/X11R6/bin/X...

Just try it. I tried it here, and found it did not work.

[2:38pm] hamish@hamishpc:~> X -config /etc/shadow

Fatal server error:
Can't open option file /etc/shadow


When reporting a problem related to a server crash, please send
the full server output, not just the last messages


Thanks for forwarding this Tommy. You can make sure it reaches
the appropriate people by sending it to security@debian.org too.


Hamish
-- 
Hamish Moffatt, StudIEAust              hamish@debian.org, hmoffatt@mail.com
Student, computer science & computer systems engineering.    3rd year, RMIT.
http://hamish.home.ml.org/ (PGP key here)             CPOM: [******    ] 60%
Your train has been cancelled due to defective government at Spring Street..


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- XFree86 insecurity (fwd)
  - From: Tommy Lakofski <tommy@88.net>

Prev by Date: troubleshooting PnP modem on Linux 2.0.29 platform
Next by Date: RAID controllers?
Previous by thread: XFree86 insecurity (fwd)
Next by thread: povray copyright
Index(es):
- Date
- Thread