Mailinglist Archive: opensuse-bugs (5772 mails)

[bugzilla_noreply@xxxxxxxxxx]

https://bugzilla.novell.com/show_bug.cgi?id=632737

https://bugzilla.novell.com/show_bug.cgi?id=632737#c6


--- Comment #6 from Egbert Eich <eich@xxxxxxxxxx> 2010-08-19 15:22:52 UTC ---
I wonder why comments here are set private. This is an openSUSE bug and private
comments should not exist there.
This is different if a specific security issue is discussed here however we
discuss possible security breach scenarios. This knowledge is public although
the general public may not be aware of those while every serious attacker is.
Thus making this discussion public can only serve to educate more people on the
risks.
My comment (#2) was accidentally set private because for some strange reason
the 'restrict' mark is set by default for me and I forgot to unset it before I
committed the comment and for some other odd reason did unsetting the private
bit fail.

Now to the issue at stake:
I expect to see numerous bug reports when people suddenly cannot run startx any
more as modifying /etc/permissions.local is not the first thing which comes to
their mind.
Thus if we want to do this change I strongly recommend to extend the startx
script to test if the user running it is not root and if so fail with a message
educating him why the change was made and what exactly to do to make startx
work again for him.

-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.