Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Thu Dec 2 16:33:15 CET 2010.
--------
--- permissions/permissions.changes 2010-11-18 11:53:03.000000000 +0100
+++ permissions/permissions.changes 2010-12-02 11:21:59.000000000 +0100
@@ -1,0 +2,5 @@
+Thu Dec 2 10:20:11 UTC 2010 - lnussel@suse.de
+
+ - remove Xorg setuid bit (bnc#632737)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
permissions-2010.11.18.1151.tar.bz2
New:
----
permissions-2010.12.02.1122.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ permissions.spec ++++++
--- /var/tmp/diff_new_pack.h1Iii4/_old 2010-12-02 16:28:54.000000000 +0100
+++ /var/tmp/diff_new_pack.h1Iii4/_new 2010-12-02 16:28:54.000000000 +0100
@@ -1,5 +1,5 @@
 #
-# spec file for package permissions (Version 2010.11.18.1151)
+# spec file for package permissions (Version 2010.12.02.1122)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -24,7 +24,7 @@
 License: GPLv2+
 Group: Productivity/Security
 AutoReqProv: on
-Version: 2010.11.18.1151
+Version: 2010.12.02.1122
 Release: 1
 Provides: aaa_base:/etc/permissions
 PreReq: %fillup_prereq
++++++ permissions-2010.11.18.1151.tar.bz2 -> permissions-2010.12.02.1122.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2010.11.18.1151/permissions.easy new/permissions-2010.12.02.1122/permissions.easy
--- old/permissions-2010.11.18.1151/permissions.easy 2010-11-18 11:51:54.000000000 +0100
+++ new/permissions-2010.12.02.1122/permissions.easy 2010-12-02 11:22:24.000000000 +0100
@@ -137,8 +137,7 @@
 # scotty:
 # #66211
 /usr/bin/ntping root:trusted 4750
-#
-/usr/bin/Xorg root:root 4711
+
 # turn off write and wall by disabling sgid tty:
 /usr/bin/wall root:tty 2755
 /usr/bin/write root:tty 2755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2010.11.18.1151/permissions.local new/permissions-2010.12.02.1122/permissions.local
--- old/permissions-2010.11.18.1151/permissions.local 2010-11-18 11:51:54.000000000 +0100
+++ new/permissions-2010.12.02.1122/permissions.local 2010-12-02 11:22:24.000000000 +0100
@@ -28,9 +28,6 @@
 # be overridden.
 # This file needs to end with a newline.
 #
-# example:
-#/usr/bin/sperl5.10.8 root:root 4755
-#
 #
 # suexec is only secure if the document root doesn't contain files
@@ -40,3 +37,8 @@
 # http://httpd.apache.org/docs/trunk/suexec.html
 #
 #/usr/sbin/suexec2 root:root 4755
+
+# setuid bit on Xorg is only needed if no display manager, ie startx
+# is used. Beware of CVE-2010-2240.
+#
+#/usr/bin/Xorg root:root 4711
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2010.11.18.1151/permissions.paranoid new/permissions-2010.12.02.1122/permissions.paranoid
--- old/permissions-2010.11.18.1151/permissions.paranoid 2010-11-18 11:51:54.000000000 +0100
+++ new/permissions-2010.12.02.1122/permissions.paranoid 2010-12-02 11:22:24.000000000 +0100
@@ -153,8 +153,7 @@
 # scotty:
 # #66211
 /usr/bin/ntping root:trusted 0755
-#
-/usr/bin/Xorg root:root 0711
+
 # turned off write and wall by disabling sgid tty:
 /usr/bin/wall root:tty 0755
 /usr/bin/write root:tty 0755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2010.11.18.1151/permissions.secure new/permissions-2010.12.02.1122/permissions.secure
--- old/permissions-2010.11.18.1151/permissions.secure 2010-11-18 11:51:54.000000000 +0100
+++ new/permissions-2010.12.02.1122/permissions.secure 2010-12-02 11:22:24.000000000 +0100
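Review bot: The comment block appended at the end of permissions.local names CVE-2010-2240 but does not tell an administrator what to verify before uncommenting the `4711` entry. CVE-2010-2240 is a Linux kernel memory-management flaw that was demonstrated against the X server, so the precondition is a fixed kernel rather than anything in this file. I would reword the comment as `# setuid bit on Xorg is only needed if X is started without a display manager, i.e. via startx.` followed by `# Only enable this on a kernel that contains the fix for CVE-2010-2240.`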
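Review bot: Dropping `/usr/bin/Xorg root:root 0711` from permissions.paranoid, and the same line in the permissions.secure hunk, removes the only entry in these two profiles that pinned Xorg to a non-setuid mode. As far as I know chkstat only adjusts paths that are listed, so after this change the mode on secure and paranoid systems would depend on what the X server package installs, and that packaging change is not visible here. Unless that is intended, I would keep the explicit `/usr/bin/Xorg root:root 0711` line in both files and remove only the `4711` entry from permissions.easy.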
@@ -175,8 +175,7 @@
 # scotty:
 # #66211
 /usr/bin/ntping root:trusted 4750
-#
-/usr/bin/Xorg root:root 0711
+
 # turned off write and wall by disabling sgid tty:
 /usr/bin/wall root:tty 0755
 /usr/bin/write root:tty 0755
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org