Security and X Server

Support knowledgebase (max_xserver)
Applies to

SuSE Linux: All versions

Symptom:

The X server in the standard installation is installed setuid root. As a consequence, any local user can make it read the first line of any file that is normally readable by root only. This is a limited, but real, security risk: root's encrypted password is usually located in the first line of /etc/shadow, so any user could obtain it and attack it offline.

Solution:

In security-sensitive environments this risk can be avoided by removing the setuid bit from the X server binary with the command:
chmod u-s /usr/X11R6/bin/X-server

Please replace X-server with the name of the installed X server (e.g. XF86_SVGA).

Afterwards a normal user can no longer start XFree86 directly (e.g. with startx); the X Window System must then be started through xdm, which runs as root and starts the server on the user's behalf.
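The procedure above, as an added shell example that is not part of the original SuSE article: it resolves /usr/X11R6/bin/X (on these systems usually a symlink to the real server, e.g. XF86_SVGA) to the actual binary, clears the setuid bit, and verifies with test -u that the bit is really gone. The path handed to it is an assumption; pass the name of the server that is actually installed.

```shell
#!/bin/sh
# Added example (not from the original article): remove the setuid bit
# from the installed X server and verify the result.
# The path passed to drop_suid is an assumption, e.g.
#   drop_suid /usr/X11R6/bin/X      (symlink to the real server)
#   drop_suid /usr/X11R6/bin/XF86_SVGA

# drop_suid FILE
#   Follows a symlink chain to the real server binary, clears its setuid
#   bit and confirms the bit is gone. Returns 0 on success, 1 if the file
#   is missing, cannot be changed, or the bit is still set afterwards.
drop_suid() {
    target="$1"
    [ -e "$target" ] || { echo "no such file: $target" >&2; return 1; }
    # chmod follows symlinks anyway; resolving here lets the report name
    # the real binary (e.g. XF86_SVGA) rather than the X link.
    while [ -L "$target" ]; do
        link=$(readlink "$target") || return 1
        case "$link" in
            /*) target="$link" ;;
            *)  target="$(dirname "$target")/$link" ;;
        esac
    done
    if [ -u "$target" ]; then
        echo "before: setuid is set on $target"
        chmod u-s "$target" || return 1
    else
        echo "setuid was not set on $target"
    fi
    # Verify: test -u is true only while the setuid bit is present.
    if [ -u "$target" ]; then
        echo "FAILED: setuid still set on $target" >&2
        return 1
    fi
    echo "after: setuid cleared on $target"
    return 0
}

# has_suid FILE
#   Returns 0 if the setuid bit is set on FILE, 1 otherwise. Handy for a
#   quick audit, e.g.: for f in /usr/X11R6/bin/XF86_*; do has_suid "$f" && echo "$f"; done
has_suid() {
    [ -u "$1" ]
}
```

Run it as root on the real server path. If the check at the end reports that the bit is still set, the binary is usually on a filesystem mounted read-only or the chmod was applied to a copy rather than the file xdm actually starts.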


Keywords: X11R6, X, X11, XFREE86, X SERVER, SECURITY

SDB-max_xserver, Copyright SuSE Linux AG, Nürnberg, Germany - Version: 08. Jan 2002
SuSE Linux AG - Last generated: 17. Apr 2002 by glazzar (sdb_gen 1.40.0)