Date: Fri, 27 Oct 2000 15:43:37 -0700 From: Kris Kennaway <kris@citusc.usc.edu> To: Carlos A M dos Santos <casantos@cpmet.ufpel.tche.br> Cc: Kris Kennaway <kris@citusc.usc.edu>, Satoshi - Ports Wraith - Asami <asami@FreeBSD.ORG>, kris@FreeBSD.ORG, ports@FreeBSD.ORG, qa@FreeBSD.ORG, taguchi@tohoku.iij.ad.jp Subject: Re: Making XFree86-4 the default Message-ID: <20001027154337.A8619@citusc17.usc.edu> In-Reply-To: <Pine.BSF.4.21.0010271012550.394-100000@gate.cpmet.ufpel.tche.br>; from casantos@cpmet.ufpel.tche.br on Fri, Oct 27, 2000 at 10:20:24AM %2B0000 References: <20001026183207.A71629@citusc17.usc.edu> <Pine.BSF.4.21.0010271012550.394-100000@gate.cpmet.ufpel.tche.br>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Oct 27, 2000 at 10:20:24AM +0000, Carlos A M dos Santos wrote: > Well, in 4.1-RELEASE with XFree 3.3.6 it *is* doing something. Look at > /etc/pam.conf. Yes, it does in 3.3.6, we are talking about 4.0.x. > > Do we depend on the xwrapper by default yet, and not install the > > servers setuid root? > > The X server needs to be installed suid root only if you want it to be > started by ordinary users with "startx". XDM already starts the server as > root. The server doesn't use any authentication, PAM or whatever else, XDM > does. Again, I'm talking about the behaviour of the 4.0.x server. 3.3.6 was not installed setuid root, but had a setuid root wrapper which performed some amount of input validation, and was responsible for catching at least one server buffer overflow. 4.0.x removed that, although we now have an xwrapper port which should be used by default. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-qa" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001027154337.A8619>