Mailinglist Archive: opensuse-bugs (6932 mails)
| < Previous | Next > |
[Bug 632737] remove Xorg setuid bit
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Thu, 31 Mar 2011 06:13:17 +0000
- Message-id: <20110331061317.AAC9FCC7D0@soval.provo.novell.com>
https://bugzilla.novell.com/show_bug.cgi?id=632737
https://bugzilla.novell.com/show_bug.cgi?id=632737#c17
--- Comment #17 from Ludwig Nussel <lnussel@xxxxxxxxxx> 2011-03-31 08:13:14
CEST ---
(In reply to comment #16)
No setuid bit also prevents exploitation of the kernel-heap-stack
overflow problem via X as X cannot be started in a user
controlled environment anymore. Therefore we removed the
setuid bit on Xorg from /etc/permissions.easy.
The actual security problem was fixed in the kernel. Removing the
setuid bit is a preventive measurement against potential similar
problems in the future.
Users who actually need it, can set it again in
/etc/permissions.local by removing the comment sign from this
line:
#/usr/bin/Xorg root:root 4711
and running SuSEconfig afterwards.
SuSEconfig --module permissions, SuSEconfig alone does not set
permissions anymore.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
| < Previous | Next > |