It seems XFree people disagree... Marc Aurele La France: Contrary to what too many security pundits think, limiting root's power doesn't solve anything. Like bugs, security issues will forever be uncovered, whether they be in setuid applications like an X server or in a kernel itself. The trick, it seems, is to understand where to properly fix them, instead of sowing workarounds all over the place...
( http://marc.theaimsgroup.com/?t=114735843400006&r=1&w=2 ) ...and some Linux developers too... Alan Cox: What it essentially says is "if you can hack the machine enough to get the ability to issue raw i/o accesses you can get any other power you want". Thats always been true. Using SMM to do this seems awfully hard work. ( http://marc.theaimsgroup.com/?t=114735843200004&r=1&w=2 )
