https://bugzilla.novell.com/show_bug.cgi?id=632737 https://bugzilla.novell.com/show_bug.cgi?id=632737#c16 Karl Eichwalder <ke@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |ASSIGNED --- Comment #16 from Karl Eichwalder <ke@novell.com> 2011-03-30 16:07:08 UTC --- I propose to add this snippet: Removing the Xorg setUID Bit ============================ The setuid bit on /usr/bin/Xorg is needed for starting X as unprivileged user, e.g. via startx. That method is deprecated in favor of a display manager since years. Additionally modern environments rely on device ACLs and polkit privileges, which in turn depend on consolekit tracking the active console. No setuid bit also prevents exploitation of the kernel-heap-stack overflow problem via X as X cannot be started in a user controlled environment anymore. Therefore we removed the setuid bit on Xorg from /etc/permissions.easy. Users who actually need it, can set it again in /etc/permissions.local by removing the comment sign from this line: #/usr/bin/Xorg root:root 4711 and running SuSEconfig afterwards. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.