Security and X Server
Support knowledgebase (max_xserver)
Applies to
SuSE Linux: All versions
Symptom:
In the standard installation, the X server allows any user to read the first line of any
file that is normally accessible only to root. This poses a certain (although not
significant) security risk: for example, root's encrypted password is usually stored in
the first line of /etc/shadow and could therefore be read by anyone.
Solution:
In security-sensitive environments, this risk can be avoided by removing the suid bit from
the X server executable with the command:
chmod u-s /usr/X11R6/bin/X-server
Please replace X-server with the name of the installed X server (e.g. XF86_SVGA).
A normal user will then no longer be able to start XFree86 directly
(e.g. with startx); the X Window System must instead be started through
xdm.
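The following script is an added example, not part of the original SDB article: it lists the X server binaries in a directory that still carry the suid bit and applies the chmod u-s fix to each. The function names and the assumption that server binaries are named X or XF86_* (XF86_SVGA being the article's example) are illustrative.

```shell
#!/bin/sh
# Added example: audit X server binaries for the setuid bit and strip it.
# Assumption: the servers live in one directory and are named X or XF86_*.

# list_suid_xservers DIR
# Prints every file in DIR named X or XF86_* that has the setuid bit set.
# The -f and -u tests follow symlinks, so a link named X that points at a
# setuid server binary is reported as well as the binary itself.
list_suid_xservers() {
    dir=$1
    for f in "$dir"/X "$dir"/XF86_*; do
        # An unmatched glob stays literal; the -f test filters it out.
        [ -f "$f" ] && [ -u "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# strip_suid_xservers DIR
# Applies "chmod u-s" (the command from the article) to each setuid X server
# in DIR. Returns 1 if any chmod fails, e.g. when not run as root.
strip_suid_xservers() {
    dir=$1
    rc=0
    for f in "$dir"/X "$dir"/XF86_*; do
        [ -f "$f" ] && [ -u "$f" ] || continue
        if chmod u-s "$f"; then
            printf 'removed setuid: %s\n' "$f"
        else
            printf 'could not change: %s\n' "$f" >&2
            rc=1
        fi
    done
    return $rc
}

# Report-only when run with a directory, e.g.: sh script.sh /usr/X11R6/bin
if [ "$#" -ge 1 ]; then
    list_suid_xservers "$1"
fi
```

Run the report first and call strip_suid_xservers only once xdm is set up, since users lose the ability to start the server with startx afterwards.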
Keywords: X11R6, X, X11, XFREE86, X SERVER, SECURITY
SDB-max_xserver, Copyright SuSE Linux AG, Nürnberg, Germany
- Version: 08. Jan 2002
SuSE Linux AG - Last generated: 17. Apr 2002 by glazzar (sdb_gen 1.40.0)