https://bugzilla.novell.com/show_bug.cgi?id=632737
https://bugzilla.novell.com/show_bug.cgi?id=632737#c16
Karl Eichwalder changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |ASSIGNED
--- Comment #16 from Karl Eichwalder 2011-03-30 16:07:08 UTC ---
I propose to add this snippet:
Removing the Xorg setUID Bit
============================
The setuid bit on /usr/bin/Xorg is needed for starting X as
unprivileged user, e.g. via startx. That method is deprecated in
favor of a display manager since years. Additionally modern
environments rely on device ACLs and polkit privileges, which in
turn depend on consolekit tracking the active console.
No setuid bit also prevents exploitation of the kernel-heap-stack
overflow problem via X as X cannot be started in a user
controlled environment anymore. Therefore we removed the
setuid bit on Xorg from /etc/permissions.easy.
Users who actually need it, can set it again in
/etc/permissions.local by removing the comment sign from this
line:
#/usr/bin/Xorg root:root 4711
and running SuSEconfig afterwards.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.