
Bug#292441: X wrapper, -config, -xf86config, etc



On Wed, Apr 12, 2006 at 01:33:57AM +0200, Yann Dirson wrote:
> On Wed, Apr 12, 2006 at 01:23:53AM +0300, Daniel Stone wrote:
> > > Anyway... although -xf86config is not documented any more in Xorg.1,
> > > the flag is still accepted, and then as expected I can get my
> > > server...
> > 
> > -xf86config, -xorgconfig, -modulepath, and -logpath all need to be
> > added.  (cf. Xorg #6213.)
> 
> Hm.  #6213 is about a recent issue, which surely has nothing to do
> with the issue that existed in 1997, right?  And if I understand
> well, there are available fixes for Xorg itself, so I do not see a
> need to hack the wrapper for this.  What do I miss?  What is the link
> between that old issue and the new one ?

The link is that #6213 was a fix for the fact that unprivileged users
could use the -modulepath option, which allows you to say X -modulepath
~/foo, where ~/foo contains a bunch of modules with code you wrote.  The
X server runs as root.

The -modulepath option didn't exist in 1997.

> The behaviour described for -*config is to allow non-root users to use
> root-defined configs.  If there is a real security problem with that,
> it would be good practice to describe the issue in the Xorg manpage,
> and try to work out an alternative if a full solution cannot be found.

-*config, -modulepath and -logpath are all documented as only being
available to root.  -*config and -modulepath because you can execute
arbitrary code of your choice as root; -logpath because running Xorg
-logpath /lib/ld-linux.so.1 is a good way to kill a system.

> The problem I see with that 1997 issue, is that it does not point to a
> CVE or any other security-related issue.  Not even to a BTS entry.

Well, CVE didn't exist in 1997, so that would be kind of difficult.
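
The root-only restriction discussed in this message, as an added example that is not part of the original mail and not the Debian wrapper's or Xorg's own code: a setuid-root wrapper screening its command line by real uid before starting the server. The function name and the sample paths are hypothetical; the option list is the four options named in the message.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Options the message says must be added to the wrapper's root-only list. */
static const char *const root_only_opts[] = {
    "-xf86config", "-xorgconfig", "-modulepath", "-logpath",
};

/* Hypothetical helper: return the argv index of the first root-only
 * option supplied by a non-root real uid, or 0 if the command line is
 * acceptable. The scan is deliberately conservative: an option name
 * that appears as the value of another option is rejected too. */
int first_restricted_option(uid_t ruid, int argc, char *const argv[])
{
    size_t n = sizeof root_only_opts / sizeof root_only_opts[0];

    if (ruid == 0)
        return 0;                       /* root may use every option */
    for (int i = 1; i < argc; i++) {
        if (argv[i] == NULL)
            continue;
        for (size_t j = 0; j < n; j++)
            if (strcmp(argv[i], root_only_opts[j]) == 0)
                return i;
    }
    return 0;
}

int main(int argc, char *argv[])
{
    /* getuid() is the real uid, i.e. the invoking user, even when the
     * binary is setuid root and geteuid() returns 0. */
    int bad = first_restricted_option(getuid(), argc, argv);

    if (bad) {
        fprintf(stderr, "%s: option %s is restricted to root\n",
                argv[0], argv[bad]);
        return 1;
    }
    /* A real wrapper would exec the X server with argv here. */
    return 0;
}
```

The check keys on the real uid because the effective uid is already 0 in a setuid-root binary, so testing geteuid() would let every user through.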


