Bug#292441: #292441: X wrapper, -config, -xf86config, etc

To: 292441@bugs.debian.org
Subject: Bug#292441: #292441: X wrapper, -config, -xf86config, etc
From: Yann Dirson <ydirson@altern.org>
Date: Tue, 11 Apr 2006 23:15:13 +0200
Message-id: <[🔎] 20060411211513.GH12638@nowhere.earth>
Reply-to: Yann Dirson <ydirson@altern.org>, 292441@bugs.debian.org

Indeed, the current xserver-wrapper code has:

      if (!strcmp(argv[i], "-config")) {
        if (setuid(getuid())) {
          perror("X unable to drop setuid privileges for alternate config");
          exit(1);
        }

This looks like undocumented behaviour.

The in-file log says about this:

 * Mark W. Eichin: drop privileges on alternate -config, even if we do pass the
 *                 security check, to prevent using the error handling to read
 *                 the first line of any protected file (19 Sep 1997)

(this can be tracked to XFree86 3.3-6)

I suppose I miss something, since I am quite sure I used the
-xf86config flag within the last 10 years !

Could it be that even in the XF86 times the wrapper checked for
-config instead of -xf86config ?  Or that "-config" meant something
else for XFree86 ?


Anyway... although -xf86config is not documented any more in Xorg.1,
the flag is still accepted, and then as expected I can get my
server...

-- 
Yann Dirson    <ydirson@altern.org> |
Debian-related: <dirson@debian.org> |   Support Debian GNU/Linux:
                                    |  Freedom, Power, Stability, Gratis
     http://ydirson.free.fr/        | Check <http://www.debian.org/>

Reply to:

Follow-Ups:
- Bug#292441: #292441: X wrapper, -config, -xf86config, etc
  - From: Daniel Stone <daniels@debian.org>

Prev by Date: Bug#292441: #292441: Non-root startx cannot move log file
Next by Date: Bug#362036: libx11-dev should not depend on libxi-dev
Previous by thread: Bug#292441: #292441: Non-root startx cannot move log file
Next by thread: Bug#292441: #292441: X wrapper, -config, -xf86config, etc
Index(es):
- Date
- Thread