Bug#400632: x11-common should not ship a SUID root binary

To: Stephen Frost <sfrost@snowman.net>, 400632@bugs.debian.org
Subject: Bug#400632: x11-common should not ship a SUID root binary
From: David Nusinow <dnusinow@speakeasy.net>
Date: Mon, 4 Feb 2008 18:23:14 -0500
Message-id: <[🔎] 20080204232314.GA3995@verizon.net>
Reply-to: David Nusinow <dnusinow@speakeasy.net>, 400632@bugs.debian.org
In-reply-to: <[🔎] 20080204175335.GF5031@tamriel.snowman.net>
References: <[🔎] 20080204175335.GF5031@tamriel.snowman.net>

On Mon, Feb 04, 2008 at 12:53:35PM -0500, Stephen Frost wrote:
> Package: x11-common
> Severity: serious
> tags 400632 -wontfix
> 
> Greetings,
> 
> The setuid usr/bin/X binary should not be shipped with x11-common
> because it's not *needed* for X11 clients.  That by itself is a good
> enough reason.  Put it in xserver-xorg-core or similar, not in
> x11-common.
> 
> Additionally, x11-common gets pulled in on server for things like
> libgd-xpm, which isn't entirely unreasonable if someone wants to
> generate an X pixmap on a server.  One could also have, I dunno,
> *xterm* installed on a server for clients to use without have an X
> server installed on the same server.  Unless xterm *requires*
> usr/bin/X, it shouldn't be installed as part of something xterm
> depends on.

The easy and obvious fix is to just ship this with xserver-xorg instead. To
be honest, I'm not sure why this ended up in x11-common instead of here.

 - David Nusinow

Reply to:

Follow-Ups:
- Bug#400632: x11-common should not ship a SUID root binary
  - From: Julien Cristau <jcristau@debian.org>

References:
- Bug#400632: x11-common should not ship a SUID root binary
  - From: Stephen Frost <sfrost@snowman.net>

Prev by Date: Bug#464015: xserver-xorg-video-mga: doesn't resume properly after s2ram
Next by Date: Re: setting HAL properties on the fly
Previous by thread: Processed (with 5 errors): x11-common should not ship a SUID root binary
Next by thread: Bug#400632: x11-common should not ship a SUID root binary
Index(es):
- Date
- Thread