On Wed, Apr 12, 2006 at 01:23:53AM +0300, Daniel Stone wrote:
> > Anyway... although -xf86config is not documented any more in Xorg.1,
> > the flag is still accepted, and then as expected I can get my
> > server...
>
> -xf86config, -xorgconfig, -modulepath, and -logpath all need to be
> added. (cf. Xorg #6213.)
Hm. #6213 is about a recent issue, which surely has nothing to do
with the issue that existed in 1997, right ? And if I understand
well, there are available fixes for Xorg itself, so I do not see a
need to hack the wrapper for this. What do I miss ? What is the link
between that old issue and the new one ?
The behaviour described for -*config is to allow non-root users to use
root-defined configs. If there is a real security problem with that,
it would be good practice to describe the issue in the Xorg manpage,
and try to work out an alternative it a full solution cannot be found.
The problem I see with that 1997 issue, is that it does not point to a
CVE or any other security-related issue. Not even to a BTS entry.
Best regards,
--
Yann Dirson <[EMAIL PROTECTED]> |
Debian-related: <[EMAIL PROTECTED]> | Support Debian GNU/Linux:
| Freedom, Power, Stability, Gratis
http://ydirson.free.fr/ | Check <http://www.debian.org/>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
