Re: HEADS UP: UCONSOLE option has been phased out
On Wed, Apr 03, 2002 at 04:48:52AM -0800, Terry Lambert wrote: > Ruslan Ermilov wrote: > > Hi! > > > > This is a JFYI that the UCONSOLE kernel option has been phased > > out as insecure. Fix your configs. > > Cool. > > I guess you will be making xconsole SUID so that it can still > grab the console, right? On Wed, Apr 03, 2002 at 09:35:11AM -0700, Nate Williams wrote: > > > However, it was required for some X applications to work correctly, > > > which is why it was still being used. > > > > No, it's just required for them to work when run by unprivileged > > users. > > Things like xconsole *are* run by unprivileged users. : $ cat /etc/X11/xdm/GiveConsole : #!/bin/sh : # Assign ownership of the console to the invoking user : # $XConsortium: GiveConsole,v 1.2 93/09/28 14:29:20 gildea Exp $ : # : # By convention, both xconsole and xterm -C check that the : # console is owned by the invoking user and is readable before attaching : # the console output. This way a random user can invoke xterm -C without : # causing serious grief. : # : chown $USER /dev/console Cheers, -- Ruslan Ermilov Sysadmin and DBA, [EMAIL PROTECTED] Sunbay Software AG, [EMAIL PROTECTED] FreeBSD committer, +380.652.512.251Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age msg36948/pgp0.pgp Description: PGP signature
Re: HEADS UP: UCONSOLE option has been phased out
> > However, it was required for some X applications to work correctly, > > which is why it was still being used. > > No, it's just required for them to work when run by unprivileged > users. Things like xconsole *are* run by unprivileged users. Nate To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP: UCONSOLE option has been phased out
Nate Williams <[EMAIL PROTECTED]> writes: > However, it was required for some X applications to work correctly, > which is why it was still being used. No, it's just required for them to work when run by unprivileged users. DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP: UCONSOLE option has been phased out
> This is a JFYI that the UCONSOLE kernel option has been phased > out as insecure. Fix your configs. Umm, it's listed as insecure in the every config file, so you're not saying anything that wasn't already known. However, it was required for some X applications to work correctly, which is why it was still being used. What is being done now to ensure those applications still work? Did you provide patches to the XFRee86 team for FreeBSD? Nate To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP: UCONSOLE option has been phased out
Ruslan Ermilov wrote: > Hi! > > This is a JFYI that the UCONSOLE kernel option has been phased > out as insecure. Fix your configs. Cool. I guess you will be making xconsole SUID so that it can still grab the console, right? -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message