Bug#601878: xserver-xorg-core: no access control by default
Package: xserver-xorg-core
Version: 2:1.7.7-7
Severity: important
As discussed with KiBi, there is a fairly important security issue with
the X server in squeeze.
Start a X or Xephyr server, with no -auth argument. It will accept all
clients without a question. With -auth blahblah, as gdm does, it will,
as expected, accept only authenticated connections.
The version in lenny behaves as expected and just refuses all
connections unless passed -ac.
--
.''`. Josselin Mouette
: :' :
`. `' “If you behave this way because you are blackmailed by someone,
`- […] I will see what I can do for you.” -- Jörg Schilling
Reply to: