29 Oct
2018
29 Oct
'18
12:22 a.m.
On Mon, 29 Oct 2018 13:01:05 +1300, Peter Reutemann quoted:
'The vulnerability, which is active when OSes run X.org in privileged (setuid) mode ...'
One of the long-standing design flaws in the X11 server is its need to run with privileges. It’s surprising this kind of hole isn’t found more often; give credit to Keith “Mr X11” Packard and others who have done so much work over the years since the revival of the X.org consortium to clean up the code. You know the old joke about «insert name of open-source package here» being practically an operating system by itself? That was more true of the X server code than anything else you might have thought of.