
Bug#292441: X wrapper, -config, -xf86config, etc



On Wed, Apr 12, 2006 at 06:54:46AM +0100, Daniel Stone wrote:
> > The behaviour described for -*config is to allow non-root users to use
> > root-defined configs.  If there is a real security problem with that,
> > it would be good practice to describe the issue in the Xorg manpage,
> > and try to work out an alternative if a full solution cannot be found.
> 
> -*config, -modulepath and -logpath are all documented as only being
> available to root.

From the 6.9.0 Xorg manpage:

       -config file
               Read the server configuration from file.  This option
               will work for any file when the server is run as root
               (i.e, with real-uid 0), or for files relative to a
               directory in the config search path for all other users.

-modulepath and -logfile are documented as such as you mention,
though, and -logpath is not even documented.


>  -*config and -modulepath because you can execute
> arbitrary code of your choice as root; -logpath because running Xorg
> -logpath /lib/ld-linux.so.1, is a good way to kill a system.

I easily understand this part, and that's why they already put the
search-path restriction mentioned in the manpage.  I was wondering
why this protection was not considered sufficient.


> > The problem I see with that 1997 issue, is that it does not point to a
> > CVE or any other security-related issue.  Not even to a BTS entry.
> 
> Well, CVE didn't exist in 1997, so that would be kind of difficult.

Indeed, I asked myself the question when writing about it - but well,
I only mentioned CVE as an example :)

Best regards,
-- 
Yann Dirson    <ydirson@altern.org> |
Debian-related: <dirson@debian.org> |   Support Debian GNU/Linux:
                                    |  Freedom, Power, Stability, Gratis
     http://ydirson.free.fr/        | Check <http://www.debian.org/>
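
Added example (not part of the original message, and not Xorg's own code): a minimal C sketch of the policy the quoted manpage text describes for -config, where real-uid 0 may name any file and every other user only a path relative to the config search path. The function names are hypothetical, and the check is purely lexical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper: returns 1 if `path` is relative and contains no
 * ".." component, so it cannot climb out of a search-path directory.
 * Lexical only: it does not resolve symlinks inside those directories. */
static int path_is_safe_relative(const char *path)
{
    if (path == NULL || path[0] == '\0' || path[0] == '/')
        return 0;
    const char *p = path;
    while (*p) {
        size_t len = strcspn(p, "/");        /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                        /* ".." component: reject */
        p += len;
        while (*p == '/')                    /* skip separator(s) */
            p++;
    }
    return 1;
}

/* Hypothetical policy function following the manpage wording:
 * real-uid 0 may use any file, all other users only a safe relative path. */
int config_arg_allowed(uid_t real_uid, const char *path)
{
    if (path == NULL || path[0] == '\0')
        return 0;
    if (real_uid == 0)
        return 1;
    return path_is_safe_relative(path);
}

int main(void)
{
    /* Constructed sample arguments, checked as a non-root user (uid 1000). */
    const char *samples[] = { "xorg.conf.test", "/tmp/evil.conf",
                              "../../tmp/evil.conf", "sub/../../x", "..conf" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %s\n", samples[i],
               config_arg_allowed(1000, samples[i]) ? "allowed" : "refused");
    return 0;
}
```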


