Bug#601878: xserver-xorg-core: no access control by default

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#601878: xserver-xorg-core: no access control by default
From: Josselin Mouette <joss@debian.org>
Date: Sat, 30 Oct 2010 16:43:15 +0200
Message-id: <[🔎] 20101030144315.GA14218@saya.malsain.org>
Reply-to: Josselin Mouette <joss@debian.org>, 601878@bugs.debian.org

Package: xserver-xorg-core
Version: 2:1.7.7-7
Severity: important

As discussed with KiBi, there is a fairly important security issue with 
the X server in squeeze.

Start a X or Xephyr server, with no -auth argument. It will accept all 
clients without a question. With -auth blahblah, as gdm does, it will, 
as expected, accept only authenticated connections.

The version in lenny behaves as expected and just refuses all 
connections unless passed -ac.

-- 
 .''`.      Josselin Mouette
: :' :
`. `'  “If you behave this way because you are blackmailed by someone,
  `-    […] I will see what I can do for you.”  -- Jörg Schilling

Reply to:

Follow-Ups:
- Bug#601878: marked as done (xserver-xorg-core: no access control by default)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: reassign 601444 to xserver-xorg-video-radeon
Next by Date: Bug#600402: marked as done (xterm: no longer respects *VT100.font setting)
Previous by thread: Processed: reassign 601444 to xserver-xorg-video-radeon
Next by thread: Bug#601878: marked as done (xserver-xorg-core: no access control by default)
Index(es):
- Date
- Thread