Date: Tue, 02 Mar 2004 20:52:16 +0100 From: des@des.no (Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?=) To: Peter Schultz <pmes@bis.midco.net> Cc: Michael Nottebrock <michaelnottebrock@gmx.net> Subject: Re: cvs commit: ports/audio/arts Makefile Message-ID: <xzpd67vrpqn.fsf@dwp.des.no> In-Reply-To: <4044D371.7030803@bis.midco.net> (Peter Schultz's message of "Tue, 02 Mar 2004 12:33:21 -0600") References: <20040302153831.GK13724@sirius.firepipe.net> <200403021553.i22Frvhr030302@green.homeunix.org> <20040302161147.GK27008@FreeBSD.org> <20040302175511.GD1377@lum.celabo.org> <4044D371.7030803@bis.midco.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Schultz <pmes@bis.midco.net> writes: > I've always assumed XFree86 to be inherently insecure. I just found > these SUID files outside base on my machine: > > /usr/X11R6/bin/xterm needs setuid to record sessions in utmp / wtmp / lastlog. > /usr/X11R6/bin/xscreensaver needs setuid to verify your password when you unlock. > /usr/X11R6/bin/Xwrapper-4 'pkg_delete -r wrapper-\*' (unless you absolutely must use startx) > /usr/X11R6/libexec/gnome-pty-helper probably needs setuid for the same reason as xterm. DES --=20 Dag-Erling Sm=F8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpd67vrpqn.fsf>