On 02/11/2013 03:00 PM, Borislav Petkov wrote:
> On Mon, Feb 11, 2013 at 02:46:43PM -0800, H. Peter Anvin wrote:
>> The X server itself used to do that. Are you saying that wdm is a
>> *privileged process*?
>
> Nah, it is a simple display manager you start with /etc/init.d/wdm init
> script. Like the other display managers gdm, kdm, etc.
>
> But it looks like wdm has copied stuff from xdm (from the README):
>
> "Wdm is a modification of XFree86's xdm package for graphically handling
> authentication and system login. Most of xdm has been preserved (XFree86
> 4.2.1.1) with the Login interface based on a WINGs implementation using
> Tom Rothamel's "external greet" interface (see AUTHORS)."
>
> And from looking at the part in the source which does the /dev/mem
> accesses, it comes from XFree86's source apparently, this is at the
> beginning of src/wdm/genauth.c:
>
Oh, it's not a *window manager*, it is a *session manager* (display
manager), and so it runs as root by default.
Plug the damned hole, submit a bug report to Debian to change the
default, and let's be done with it. That being said, it did flag a real
problem, but what it is doing is dangerous.
-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
