> Certainly that part is OS-specific. On my VMS machine, X-windows processes > do not run as root.
The X Window server needs elevated privileges because it can trigger DMA on the graphics card (and thus read arbitrary memory, unless you've got an IOMMU). Chances are, however, that your VMS implementation does not even support the Xrender extension. Of course, the impact of this vulnerability is exaggerated in the article. Local privilege escalation vulnerabilties are numerous. _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
