Re: Re: su/sudo cannot X

To: debian-user@lists.debian.org
Subject: Re: Re: su/sudo cannot X
From: Lei Kong <lei.kong@gmail.com>
Date: Thu, 19 Jan 2006 22:00:22 -0500
Message-id: <[🔎] 43D05246.2000908@gmail.com>
In-reply-to: <[🔎] 87bqy89chp.fsf@toncho.dhh.gt.org>
References: <[🔎] 87bqy89chp.fsf@toncho.dhh.gt.org>

John Hasler wrote

X and X applications are exceedingly complex, unaudited, and likely to be
chock full of buffer overruns, format string vulnerabilities, and other


I guess a checking on CERT's vulnerability list will reveal if this is true, X vs
non-X.

nasties.  Consider the segfaults and memory leaks in Firefox, for example.

It only makes sense that you should want to run as little code as possible
as root.  X drags in cubic miles of it.

Yeah, that's a general rule, but I am not sure if it is legit todraw the line on whether it is X or not. I am actually not trying to runtons of X applications as root, just some of the admin tools insist

on connecting to X, like my printer driver from samsung. Making sudo/su
X painful doesn't mean I will give up running them. I wondering how much
difference it makes on security by making sudo/su incapable of connecting
to X by default. This is different than logging into X as root.

Lei

Reply to:

References:
- Re: su/sudo cannot X
  - From: John Hasler <john@dhh.gt.org>

Prev by Date: Re: Most directories locked read-only: unlocked!
Next by Date: Re: Bandwidth Throttling for Firefox?
Previous by thread: Re: su/sudo cannot X
Next by thread: Re: Re: su/sudo cannot X
Index(es):
- Date
- Thread