Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 28 Jan 2001 22:25:26 +0100 (CET)
From:      sepp@saargate.de
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/24705: Bug concerning Xwrapper/XFree86-4.0.2
Message-ID:  <200101282125.f0SLPQC04401@sepp.saargate.de>
next in thread | raw e-mail | index | archive | help 

>Number:         24705
>Category:       ports
>Synopsis:       Bug concerning Xwrapper/XFree86-4.0.2
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 28 13:30:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Sebastian Reinert
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
SSS
>Environment:

	The bug was able to be reproduced on several systems (I was 
        exclusively able to test it on i386 machines) with 
        FreeBSD 4.2-STABLE with the original rights on it. 
        The hardware etc. does not matter.

>Description:

	The bug occured when I was trying to start my recently installed 
        XFree86-4.0.2 (installed by the ports) with the little help of 
        Xwrapper that is delivered with the dists of xfree. Together with a 
        script I wrote, every tiny little user (without any special rights) 
        on your system is able to shut it down (like doing "halt"). 

>How-To-Repeat:

	All you need to reproduce this problem is a current version of 
        Xwrapper with x-right, that you get by ftp for example, an account 
        (e.g. telnet) and a 
        self-written script called .xserverrc, that contains following 
        phrase:
        exec Xwrapper $dspnum &args
        It is _very important_ that you use an "&" instead of "$" in front 
        of "args"!  
        After all, you configurate your script with the typical rights (e.g. 
        "777"), execute "startx" (you will have x-right for it by 
        default), and the systems shuts down its daemons.        
        By the way: You do not need root-rights...

>Fix:

	I have fixed it by reconfigure the rights of some executable files 
        that you can mostly find in /usr/X11R6/bin like startx, xinit or X 
        for example. 


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101282125.f0SLPQC04401>