LinuxQuestions.org
Old 03-20-2006, 07:51 PM   #1
Franklin
Senior Member
 
Registered: Oct 2002
Distribution: Slackware, Windows 7
Posts: 1,258

Rep: Reputation: 62
Security update to X11, -current only


Just an FYI.

Those running -current with the new X11 will need to update due to security issues.

http://www.slackware.org/changelog/current.php?cpu=i386

Stable is not affected.
 
Old 03-20-2006, 10:02 PM   #2
gravityworks
LQ Newbie
 
Registered: Jun 2004
Posts: 18

Rep: Reputation: 0
Well, this xorg upgrade went very wrong for me. After the upgrade I couldn't log into KDE as user, but could as root. Not sure if this is just a problem with my setup or something screwy with this xorg update. Luckily I have a spare Slack install, just for when things go bad in current. Anybody else experience this?
 
Old 03-21-2006, 12:43 AM   #3
kodon
Member
 
Registered: Jul 2004
Location: [jax][fl][usa]
Distribution: Slackware64-current
Posts: 796

Rep: Reputation: 31
Yeah. Xorg isn't suid in the new package...
I just manually chmod'ed it.
 
Old 03-21-2006, 12:50 AM   #4
bird603568
Member
 
Registered: Aug 2004
Distribution: Slackware current
Posts: 250

Rep: Reputation: 30
Yep, I had to downgrade to 10.2 then downgrade KDE, but you are right, it isn't setuid.
 
Old 03-21-2006, 12:56 AM   #5
gravityworks
LQ Newbie
 
Registered: Jun 2004
Posts: 18

Rep: Reputation: 0
Okay, great, thanks for the responses Kodon and bird603568. Was starting to second-guess myself, thought I might have done something wrong. I guess this is just par for the course when playing with current. Sometimes (although very rarely) things don't work out like they should.
 
Old 03-21-2006, 04:18 AM   #6
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,211

Rep: Reputation: 1431
What file/directory should be chmod'ed?
I will try to upgrade it today.
 
Old 03-21-2006, 04:42 AM   #7
Speek
Member
 
Registered: Sep 2003
Location: The Netherlands
Distribution: Slackware
Posts: 124

Rep: Reputation: 41
chmod u+s /usr/X11R6/bin/Xorg
 
Old 03-21-2006, 04:46 AM   #8
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,211

Rep: Reputation: 1431
Thanks, that will make my upgrade simpler.
 
Old 03-21-2006, 06:50 AM   #9
chess
Member
 
Registered: Mar 2002
Location: 127.0.0.1
Distribution: Slackware and OpenBSD
Posts: 737

Rep: Reputation: 190
Please let Pat V. know about these problems.
 
Old 03-21-2006, 06:48 PM   #10
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,211

Rep: Reputation: 1431
I have done it just now.
Thanks for the solution. It worked like a charm.
 
Old 03-21-2006, 07:00 PM   #11
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,211

Rep: Reputation: 1431
Here's Pat's reply:

Quote:
Thanks, this is fixed already but not at all mirrors (along with a
looooong explanation/excuse in the ChangeLog ;-)
And here's the new ChangeLog:

Quote:
Tue Mar 21 11:17:27 CST 2006
x/x11-6.9.0-i486-3.tgz: Fixed /usr/X11R6/bin/Xorg, which due to being not
setuid root could not be used by non-root users. Thanks to the many people
who reported this issue. I tracked it down to a new (or rather, back again)
behavior of "chown", which is removing the suid/sgid bits from any file that
it touches. I remember this same situation from the old days, and it's
why many of the older package builds use a package skeleton and then install
binaries using "cat" -- this prevents the changing of the permissions.
If I recall correctly, "strip" also used to do this. Looking in the kernel
source, I see some mention in fs/open.c about doing this as a safety feature.
IMO, it doesn't seem like the right thing to do, though. If I want chmod,
I'll use it, thank you. However, it looks like the feature was added years
ago, and I have no idea why it has just recently kicked in. I've gone back
and tested on a Slackware 10.2 box, and it's also showing the same effects
with "chown", so it seems to me that this sort of breakage should have
been happening when the x11*-6.9.0-i486-1.tgz packages were built, too,
but Xorg was properly setuid in that package set. I tried dropping back
to the previous coreutils, and this also didn't help. It's a mystery.
Anyway, my first thought was to simply move the "chmod 4711" on Xorg to
after the last "chown" in the build script, but decided that the best way
to handle this is to begin phasing out the use of the "bin" group on
binaries and binary directories. There was never any use to this ever, so
far as I can tell. I think someone working on the FHS just thought that
root:bin looked nicer, or something. ;-) Most distributions install
binaries as root:root now anyway, and the latest standards no longer
require root:bin. Since it doesn't matter, don't expect everything to
change all at once -- don't send bug reports concerning files or
directories that "should be" root:bin or root:root. We will move away
from root:bin to root:root as new packages are built.
I sure hope "strip" doesn't start acting up next...
x/x11-devel-6.9.0-i486-3.tgz: Rebuilt. Really, there was no need to rebuild
this or the below packages, but I like a consistent build number when it's
not too much trouble to have it.
x/x11-docs-6.9.0-noarch-3.tgz: Rebuilt.
x/x11-docs-html-6.9.0-noarch-3.tgz: Rebuilt.
x/x11-fonts-100dpi-6.9.0-noarch-3.tgz: Rebuilt.
x/x11-fonts-cyrillic-6.9.0-noarch-3.tgz: Rebuilt.
x/x11-fonts-misc-6.9.0-noarch-3.tgz: Rebuilt.
x/x11-fonts-scale-6.9.0-noarch-3.tgz: Rebuilt.
x/x11-xdmx-6.9.0-i486-3.tgz: Recompiled.
x/x11-xnest-6.9.0-i486-3.tgz: Recompiled.
x/x11-xvfb-6.9.0-i486-3.tgz: Recompiled.
+--------------------------+
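
Added example, not part of the thread or of the Slackware build scripts: the ChangeLog entry above traces the missing setuid bit to "chown" removing suid/sgid bits, and this script reproduces that on a scratch file, shows the chmod-after-chown ordering, and adds a mode check that could run after a package build. The function names and the scratch file are assumptions for illustration; it assumes Linux with a `stat` that supports `-c`.

```sh
#!/bin/sh
# Added example (not from the thread): chown clearing the setuid bit.
# Runs unprivileged on Linux: the scratch file is chown-ed to the
# caller's own uid:gid, which still goes through chown(2).

mode_of() { stat -c '%a' "$1"; }

# Order that loses the bit: chmod 4711 first, chown afterwards.
chmod_then_chown() {
    f=$(mktemp) || return 1
    chmod 4711 "$f"
    chown "$(id -u):$(id -g)" "$f"    # on Linux the kernel drops S_ISUID here
    mode_of "$f"
    rm -f "$f"
}

# Ordering from the ChangeLog's "first thought": chmod after the last chown.
chown_then_chmod() {
    f=$(mktemp) || return 1
    chown "$(id -u):$(id -g)" "$f"
    chmod 4711 "$f"
    mode_of "$f"
    rm -f "$f"
}

# Post-build check (hypothetical helper): non-zero if the mode differs.
# Usage: expect_mode 4711 /usr/X11R6/bin/Xorg
expect_mode() {
    actual=$(mode_of "$2") || return 2
    if [ "$actual" != "$1" ]; then
        echo "MODE MISMATCH: $2 is $actual, expected $1" >&2
        return 1
    fi
}

echo "chmod then chown: $(chmod_then_chown)"
echo "chown then chmod: $(chown_then_chmod)"
```

Running `expect_mode` against the packaged binary at the end of a build script turns a silently dropped bit into a build failure instead of a broken login for non-root users.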
 
Old 03-21-2006, 07:28 PM   #12
Franklin
Senior Member
 
Registered: Oct 2002
Distribution: Slackware, Windows 7
Posts: 1,258

Original Poster
Rep: Reputation: 62
Very odd. I did not have a problem at all ...

Just checked and I used the pre-fix version. I wonder if it's only an issue with 2.6 kernels. Don't know what everyone else is using kernel-wise in this thread. I have not upgraded my 2.6.15.6 box yet. Time to try and break something.

Everything fine on 2.6 box too. Weird.

Last edited by Franklin; 03-21-2006 at 07:44 PM.
 
Old 03-21-2006, 07:34 PM   #13
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,211

Rep: Reputation: 1431
I don't know whether I'm infected or not, since I applied the solution after I upgraded my Xorg packages, but as far as I know, it worked, and Pat has also received some reports that the new Xorg packages were broken.
 
Old 03-21-2006, 08:16 PM   #14
bird603568
Member
 
Registered: Aug 2004
Distribution: Slackware current
Posts: 250

Rep: Reputation: 30
Quote:
Originally Posted by willysr
I don't know whether I'm infected or not, since I applied the solution after I upgraded my Xorg packages, but as far as I know, it worked, and Pat has also received some reports that the new Xorg packages were broken.

Infected? What do you mean by infected?
 
Old 03-22-2006, 12:17 AM   #15
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,211

Rep: Reputation: 1431
I mean 'affected' by the bugs.
 
All times are GMT -5.