On Mon, 13 Jan 2003, Peter Finderup Lund wrote: > On Mon, 13 Jan 2003, Matthieu Herrb wrote: > > > -rwsr-xr-x 1 root wheel 1740879 Sep 30 22:36 /usr/X11R6/bin/XFree86 > > > > To fix the file modes run the following commands (as root): > > > > chown root /usr/X11R6/bin/XFree86 > > chmod 4755 /usr/X11R6/bin/XFree86 > > > > Otherwise you can use xdm (or gdm or kdm from Gnome/KDE) to start the > > X server as root during boot for you. This is the prefered solution if > > you don't trust the X server enough to have it installed setuid. > > More complete than what I wrote :) > > (on my Debian 3.0 XFree86 has the mode bits 4711 -- there's no need for > anybody to read the binary and it makes harder, in principle, for Evil > Hackers to look for holes in it if they can't read it) > > I still think it would be great if the X server gave an error message > along the above lines -- it would even know whether the chown or chmod > command could be left out (if either the owner or the suid bit was already > correct).
It isn't clear what the "correct" permissions are. Setting the "sticky" or suid bit (the 4 in chmod 4711) makes the machine slightly less secure, so you don't set it unless you need to. Many distributions come configured to start X with xdm, kdm or gdm. In that case the suid bit isn't needed, since these programs are already running as root. You only need that bit if you need to allow ordinary users to run startx. On many systems you don't need to do that, so it is reasonable for Red Hat and Debian to ship XFree86 with the bit not set. -- Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge [EMAIL PROTECTED] http://www.dpmms.cam.ac.uk/~werdna _______________________________________________ XFree86 mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xfree86
