On Tue, Apr 11, 2006 at 11:15:13PM +0200, Yann Dirson wrote:
> Indeed, the current xserver-wrapper code has:
>
> if (!strcmp(argv[i], "-config")) {
> if (setuid(getuid())) {
> perror("X unable to drop setuid privileges for alternate config");
> exit(1);
> }
>
> This looks like undocumented behaviour.
>
> The in-file log says about this:
>
> * Mark W. Eichin: drop privileges on alternate -config, even if we do pass
> the
> * security check, to prevent using the error handling to read
> * the first line of any protected file (19 Sep 1997)
>
> (this can be tracked to XFree86 3.3-6)
>
> I suppose I miss something, since I am quite sure I used the
> -xf86config flag within the last 10 years !
>
> Could it be that even in the XF86 times the wrapper checked for
> -config instead of -xf86config ? Or that "-config" meant something
> else for XFree86 ?
>
>
> Anyway... although -xf86config is not documented any more in Xorg.1,
> the flag is still accepted, and then as expected I can get my
> server...-xf86config, -xorgconfig, -modulepath, and -logpath all need to be added. (cf. Xorg #6213.)
signature.asc
Description: Digital signature
