X Windows Systems allows execute as root

TomaCzar · 05-03-2006, 02:29 AM

Did anyone else see this??:

http://news.yahoo.com/s/zd/20060502/tc_zd/177195

I just stumbled upon it, I would think this would be posted just about everywhere you look (linux-wise). Am I missing something??

win32sux · 05-03-2006, 03:02 AM

Quote:

Originally Posted by TomaCzar

Did anyone else see this??:

http://news.yahoo.com/s/zd/20060502/tc_zd/177195

I just stumbled upon it, I would think this would be posted just about everywhere you look (linux-wise). Am I missing something??

no, you're not missing anything...

it's not the first security bug in x11, and it won't be the last...

anyways, here's the patch:

for v6.8.2: http://xorg.freedesktop.org/releases...006-1526.patch

for v6.9.0: http://xorg.freedesktop.org/releases...9.0-mitri.diff

for v7.0: http://xorg.freedesktop.org/releases...0.x-mitri.diff

TomaCzar · 05-03-2006, 11:06 AM

No, not the first bug, but due to the massive use of X11 on *nix machines (moreso than any other app?!) and the seriousness of the vulnerability I wasn't expecting to just happen across it while trolling the net.

geeman2.0 · 05-03-2006, 12:54 PM

Most security exploits are published to the net to inform the users.
The users can then either download a patch if available, or switch to a different version where the exploit doesn't exist, etc...

If they didn't publish the exploits then people would ignorantly continue using vulnerable software while wily crackers slip into their systems.

win32sux · 05-03-2006, 01:30 PM

Quote:

Originally Posted by TomaCzar

No, not the first bug, but due to the massive use of X11 on *nix machines (moreso than any other app?!) and the seriousness of the vulnerability I wasn't expecting to just happen across it while trolling the net.

i actually saw the news published on tons of websites - i guess it depends on one's surfing habits... either way, it's not a highly critical issue IMHO (AFAIK to exploit it you'd have to be authorized to connect to the X server)... BTW, it should be noted that the patch fixes two separate issues: one is the parenthesis issue found by coverity (who are getting great publicity from this, BTW), and the other is a single-character typo in the same file (an ampersand instead of an asterisk)...

taylor_venable · 05-03-2006, 09:16 PM

It's kinda funny to me, since X is such a large and very complex piece of software, that the only people I've heard of running privilege separation and drops on X are the OpenBSD folks. We all know they're a paranoid bunch, and the world (and my servers) are better for it. But has anybody else made the X server run as a non-privileged user?