On Wed, Apr 12, 2006 at 06:54:46AM +0100, Daniel Stone wrote:
> > The behaviour described for -*config is to allow non-root users to use
> > root-defined configs. If there is a real security problem with that,
> > it would be good practice to describe the issue in the Xorg manpage,
> > and try to work out an alternative it a full solution cannot be found.
>
> -*config, -modulepath and -logpath are all documented as only being
> available to root.
>From the 6.9.0 Xorg manpage:
-config file
Read the server configuration from file. This option
will work for any file when the server is run as root
(i.e, with real-uid 0), or for files relative to a
directory in the config search path for all other users.
-modulepath and -logfile are documented as such as you mention,
though, and -logpath is not even documented.
> -*config and -modulepath because you can execute
> arbitrary code of your choice as root; -logpath because running Xorg
> -logpath /lib/ld-linux.so.1, is a good way to kill a system.
I easily understand this part, and that's why they already put the
search-path restriction mentionned in the manpage. I was wondering
why this protection was not considered sufficient.
> > The problem I see with that 1997 issue, is that it does not point to a
> > CVE or any other security-related issue. Not even to a BTS entry.
>
> Well, CVE didn't exist in 1997, so that would be kind of difficult.
Indeed, I asked myself the question when writing about it - but well,
I only mentionned CVE as an example :)
Best regards,
--
Yann Dirson <[EMAIL PROTECTED]> |
Debian-related: <[EMAIL PROTECTED]> | Support Debian GNU/Linux:
| Freedom, Power, Stability, Gratis
http://ydirson.free.fr/ | Check <http://www.debian.org/>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
