On 4/4/06, Ag Hatzim <[EMAIL PROTECTED]> wrote: > Post-build configuration. > In addition to the usual Xorg configuration steps, make sure the server > was installed SUID root.
This is obviously very important. Thanks for reporting, Ag. This should be in the book, ASAP. I'll throw the text in tomorrow when I add some other changes if no one else gets to it first. > In addition and relative to this issue,a vulnerability has been found in > the X.Org server [1],because the Xorg server is installed setuid root. > The 1.0.2 release is not vulnerable,however the patch for 6.9.0 [2] should > be put in the book. > > 1. http://wiki.x.org/wiki/SecurityPage > 2. > http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9.0-geteuid.diff I noticed that too, and then forgot about it because I was using 1.0.2. :) I'm going to open a bug about this. Ag, do you know if this affect XFree86-4.5.0, too? I have no idea. -- Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
