On Wed, Apr 12, 2006 at 06:54:46AM +0100, Daniel Stone wrote:
> > The behaviour described for -*config is to allow non-root users to use
> > root-defined configs. If there is a real security problem with that,
> > it would be good practice to describe the issue in the Xorg manpage,
> > and try to work out an alternative if a full solution cannot be found.
>
> -*config, -modulepath and -logpath are all documented as only being
> available to root.

From the 6.9.0 Xorg manpage:

    -config file
        Read the server configuration from file. This option will work
        for any file when the server is run as root (i.e, with real-uid 0),
        or for files relative to a directory in the config search path
        for all other users.

-modulepath and -logfile are documented as such as you mention, though,
and -logpath is not even documented.

> -*config and -modulepath because you can execute
> arbitrary code of your choice as root; -logpath because running Xorg
> -logpath /lib/ld-linux.so.1, is a good way to kill a system.

I easily understand this part, and that's why they already put the
search-path restriction mentioned in the manpage. I was wondering why
this protection was not considered sufficient.

> > The problem I see with that 1997 issue, is that it does not point to a
> > CVE or any other security-related issue. Not even to a BTS entry.
>
> Well, CVE didn't exist in 1997, so that would be kind of difficult.

Indeed, I asked myself the question when writing about it - but well, I
only mentioned CVE as an example :)

Best regards,
--
Yann Dirson <[EMAIL PROTECTED]> |
Debian-related: <[EMAIL PROTECTED]> | Support Debian GNU/Linux:
| Freedom, Power, Stability, Gratis
http://ydirson.free.fr/ | Check <http://www.debian.org/>