Re: [S.u.S.E. Linux] Security problems with X - SuSE ?
W.D.McKinney wrote:
Hi Guys,
I am running SuSE 5.1 of course and wondered what to do about this problem? I am running Accelerated-X 4.1 with my Matrox Millennium.
The XFree86 team is working on a wrapper to cover this problem. At the moment they recommend to use XDM to launch the Xserver... Ciao BB
Thanks -Dee
-----BEGIN PGP SIGNED MESSAGE-----
Various problems have been found in the X server which makes it a serious threat to system security. All versions of the X server, including Metro X and Accelerated X, are thought to be affected (only XFree86 and the MIT X reference implementation are *known* to be, however). This problem affects all Red Hat Linux platforms and versions.
Currently, no new X servers are available. Instead, Red Hat recommends removing the special permissions from the X server binary (the setuid bit), and using a wrapper program which is now on ftp.redhat.com. To do this, follow the following steps. The order is quite important, so please follow these instructions carefully.
1) Remove the setuid bit from all X servers installed on your system with the following command:
chmod u-s /usr/X11R6/bin/X*
2) Install the updated Xconfigurator package (details below)
3) Install the new xserver-wrapper package (details below)
4) If you are running Accelerated X, run the following command:
ln -sf /usr/X11R6/bin/Xaccel /etc/X11/X
If you are not running Accelerated X, do not do this step!
After these steps have been completed, X should function as usual.
This information will appear on the Errata for Red Hat Linux 4.2 and Red Hat Linux 5.0 shortly.
Thanks to everyone on BUGTRAQ who brought these problems to our attention.
Red Hat 5.0
-------------
i386:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/Xconfigurator-3.26-1.i386.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/xserver-wrapper-1.1-1.i386.rpm
alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/Xconfigurator-3.26-1.alpha.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/xserver-wrapper-1.1-1.alpha.rpm
Red Hat 4.2
-------------
i386:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/Xconfigurator-2.6.1-1.i386.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/xserver-wrapper-1.1-0.i386.rpm
alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/Xconfigurator-2.6.1-1.alpha.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/xserver-wrapper-1.1-0.alpha.rpm
SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/xserver-wrapper-1.1-0.sparc.rpm
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
--
Bodo Bauer            S.u.S.E., LLC             fon +1-510-835 7873
bb@suse.de            458 Santa Clara Avenue    fax +1-510-835 7875
http://www.suse.com   Oakland CA, 94610 USA
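A way to check that steps 1 and 4 of the advisory took effect, as an added example that is not part of the original message or of Red Hat's advisory. The function names are hypothetical; the paths in the usage comment are the ones the advisory gives.

```shell
#!/bin/sh
# Added example: audit the result of "chmod u-s /usr/X11R6/bin/X*" (step 1)
# and of the /etc/X11/X symlink (step 4). Function names are hypothetical.

# list_setuid_x DIR
# Print every regular file DIR/X* that still carries the setuid bit.
# Empty output means step 1 is complete for that directory.
list_setuid_x() {
    dir=$1
    for f in "$dir"/X*; do
        [ -L "$f" ] && continue     # skip symlinks such as X -> real server
        [ -f "$f" ] || continue     # skip an unmatched glob and non-files
        [ -u "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# check_x_link LINK
# Return 0 only if LINK is a symlink that resolves to an existing,
# non-setuid file; 1 = target still setuid, 2 = not a symlink, 3 = dangling.
check_x_link() {
    link=$1
    [ -L "$link" ] || { echo "$link: not a symlink" >&2; return 2; }
    [ -e "$link" ] || { echo "$link: dangling symlink" >&2; return 3; }
    if [ -u "$link" ]; then         # -u follows the link to its target
        echo "$link: target is still setuid" >&2
        return 1
    fi
    return 0
}

# Usage with the advisory's paths:
#   list_setuid_x /usr/X11R6/bin
#   check_x_link /etc/X11/X
```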