[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#292441: X wrapper, -config, -xf86config, etc

On Wed, Apr 12, 2006 at 01:23:53AM +0300, Daniel Stone wrote:
> > Anyway... although -xf86config is not documented any more in Xorg.1,
> > the flag is still accepted, and then as expected I can get my
> > server...
> 
> -xf86config, -xorgconfig, -modulepath, and -logpath all need to be
> added.  (cf. Xorg #6213.)

Hm.  #6213 is about a recent issue, which surely has nothing to do
with the issue that existed in 1997, right ?  And if I understand
well, there are available fixes for Xorg itself, so I do not see a
need to hack the wrapper for this.  What do I miss ?  What is the link
between that old issue and the new one ?

The behaviour described for -*config is to allow non-root users to use
root-defined configs.  If there is a real security problem with that,
it would be good practice to describe the issue in the Xorg manpage,
and try to work out an alternative it a full solution cannot be found.

The problem I see with that 1997 issue, is that it does not point to a
CVE or any other security-related issue.  Not even to a BTS entry.

Best regards,
-- 
Yann Dirson    <ydirson@altern.org> |
Debian-related: <dirson@debian.org> |   Support Debian GNU/Linux:
                                    |  Freedom, Power, Stability, Gratis
     http://ydirson.free.fr/        | Check <http://www.debian.org/>
Reply to: