From owner-cvs-all  Tue May  2 13: 2:54 2000
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7313137B52B; Tue,  2 May 2000 13:02:49 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA56132;
	Tue, 2 May 2000 13:02:48 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Tue, 2 May 2000 13:02:48 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: ports/x11/XFree86-4 Makefile
In-Reply-To: <xzpu2ghhr6n.fsf@flood.ping.uio.no>
Message-ID: <Pine.BSF.4.21.0005021301410.55994-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 2 May 2000, Dag-Erling Smorgrav wrote:

> Kris Kennaway <kris@FreeBSD.org> writes:
> >   Log:
> >   Mark FORBIDDEN due to the root hole in the X server reported on Bugtraq.
> >   I've tried *multiple* times to talk to an XFree86 developer about the
> >   problem, but they haven't deigned to respond to me.
> 
> I must have missed something - AFAIK, 4.0 was reported as not
> vulnerable, whereas 3.3.6 was vulnerable.

You missed me reporting it as vulnerable. Try this as non-root:

XFree86 -xkbmap `perl -e 'print "a"x5000'`

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message