Today, I discovered by accident that having setuid option set on xorg-server -- which is the default option -- may be dangerous. (I guess you all knew that already :-).
Another logged in user "killed" my screen by typing: X :1 After turning setuid off, this denial of service attack was not possible anymore. To be honest, I was really surprised that a regular user with no special permissions can disrupt other people's x11 sessions that easily. Although, let me be precise here. It seems to be that he actually opened another X11 session (which is the idea of this command I guess). However, none of those sessions were displayed anymore on the screen. Am I missing anything in my security configuration? What do you think? Cheers, Carlo _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
