On 11/22/06, Alan Coopersmith <[EMAIL PROTECTED]> wrote:
Peter Tribble wrote: > Is there any particular reason why Xnest can't be setgid root? None that we know of, we've just never done a security audit on the code that's specific to Xnest to verify that it's safe to run setgid.
Many sites (I've done this in the past) still put users in the wheel group to control su access, so presumably mere membership of the group isn't that much of a security risk. Or, more paranoid, a group specific to the purpose could be created - and there, the worst consequence of a security problem in Xnest would be the ability to write into the .X11-* directories. -- -Peter Tribble http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
_______________________________________________ opensolaris-discuss mailing list [email protected]
