Recently a security problem which allows any user to overwrite any file was pointed out in the linux-security mailing list. This problem is caused partly by the X servers being installed SUID root.
The a.out versions of the Debian X server packages (currently in the 'stable' tree on ftp.debian.org) have this problem. I recommend that you remove the SUID bit on the server by doing the following:

    chmod u-s /usr/X11R6/bin/XF86_*

The a.out versions of the Debian X packages are built from binaries released by the XFree86 project. Fixed server packages should appear as soon as they release their fixed version.

The ELF versions of the Debian X server packages are not installed SUID root. Instead a small SUID wrapper program (/usr/X11R6/bin/X, part of the xbase package) is used, which reads /etc/X11/Xserver to find out which X server to run and who is allowed to run it. This file consists of two lines; the first is the full path of the X server, and the second contains the word 'RootOnly', 'Console' or 'Anybody'.

If you have the ELF versions of the X packages then I recommend that you change the second line of /etc/X11/Xserver to read 'RootOnly' until I release new versions of the server packages with the security problem fixed.

Steve Early
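As an added illustration, not the xbase wrapper's actual code, the following shows how a wrapper could parse the two-line /etc/X11/Xserver format described above and fail closed on anything it does not recognise. The config strings are constructed samples (XF86_SVGA is just one server matching the XF86_* pattern), and the console check is passed in as a flag because the message does not say how the wrapper detects the console.

```c
#include <string.h>
#include <sys/types.h>

/* Access policy named on the second line of /etc/X11/Xserver. */
enum xpolicy { X_INVALID = -1, X_ROOTONLY, X_CONSOLE, X_ANYBODY };

/* Parse the two-line config text into `path` and a policy. Anything
 * malformed yields X_INVALID: a SUID wrapper should fail closed. */
enum xpolicy parse_xserver(const char *text, char *path, size_t pathlen)
{
    char keyword[32];
    const char *nl = strchr(text, '\n');
    size_t plen, i = 0;
    if (nl == NULL || nl == text)            /* missing or empty first line */
        return X_INVALID;
    plen = (size_t)(nl - text);
    if (plen >= pathlen || text[0] != '/')   /* path must be absolute and fit */
        return X_INVALID;
    memcpy(path, text, plen);
    path[plen] = '\0';
    /* Second line: copy up to newline or end, bounded by the buffer size. */
    for (; nl[1 + i] != '\0' && nl[1 + i] != '\n' && i < sizeof keyword - 1; i++)
        keyword[i] = nl[1 + i];
    keyword[i] = '\0';
    if (strcmp(keyword, "RootOnly") == 0) return X_ROOTONLY;
    if (strcmp(keyword, "Console") == 0)  return X_CONSOLE;
    if (strcmp(keyword, "Anybody") == 0)  return X_ANYBODY;
    return X_INVALID;                        /* unknown keyword: deny */
}

/* Decide whether the caller may start the server. How the real wrapper
 * detects the console is not described in the message, so that fact is
 * passed in as a flag here (an assumption of this example). */
int may_run_xserver(enum xpolicy pol, uid_t uid, int on_console)
{
    switch (pol) {
    case X_ROOTONLY: return uid == 0;
    case X_CONSOLE:  return uid == 0 || on_console;
    case X_ANYBODY:  return 1;
    default:         return 0;               /* X_INVALID: fail closed */
    }
}

/* Parse and decide in one call, as the wrapper would before exec'ing. */
int caller_may_run(const char *config, uid_t uid, int on_console)
{
    char path[256];
    return may_run_xserver(parse_xserver(config, path, sizeof path), uid, on_console);
}
```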

