On 11/04/18 10:33, tuxic@××××××.de wrote:
>
> On 11/03 11:20, Daniel Frey wrote:
>> On 11/03/18 07:01, Alan Mackenzie wrote:
>>> Hello, Gentoo.
>>>
>>> HEADS UP!!!
>>>
>>> If you start your X server from the command line with, e.g. startx, you
>>> now need to set the new(?) suid USE flag for the xorg-server package.
>>>
>>> This flag causes the binary to be installed with the setuid file flag,
>>> which causes it to run as root.
>>>
>>> The developers, in this instance, failed to raise the ebuild's version
>>> number from 1.20.3 when making this change, and also didn't notify users
>>> by a NEWS item, that I can see.
>>>
>>> The matter was fairly intensively discussed in bug #669648 in Gentoo's
>>> bugzilla.
>>>
>>> So - if you get a permissions error whilst trying to start X, setting
>>> the suid USE flag may well be the solution.
>>>
>>
>> I just got hit by this on my mythtv backend, which I only start X to
>> configure the mythtv backend.
>>
>> Yes, enabling the suid USE-flag fixed it (or restored original behaviour?)
>>
>> Dan
>>
>
> Hi,
>
> is this already known?
> https://twitter.com/hackerfantastic/status/1055517801224396800
>
> Is it safe to run X.org suid set?
>
> Cheers
> Meino
>

Even if you run X as a non-root user it's possible to snoop on the
keyboard/mouse input of a different user. So... pick your vulnerability.

I stuck with the way it's been working for years and years. However,
these systems do not have web access or anything like that, they're
mythtv appliances.

Dan