Subject: Re: setuid X programs (Was: Autonice bugging my but! [sic])
To: None <apm@vipunen.hut.fi>
From: Greg Earle <earle@isolar.Tujunga.CA.US>
List: current-users
Date: 01/23/1996 18:01:12

> It's the same problem on all archs but IMHO the worst solution is to
> run Xserver suid root. I've said this before, but here goes again..
> Xservers tend to be huge programs and huge programs tend to have bugs
> and buggy suid root programs can crash the system. Who knows, maybe
> the mysterious crashes I've been having for a long time were caused by
> my xlock which was suid root.

Well, one would hope that anyone running "xlock" would be running "xlockmore"
guised as "xlock", since every version of "xlockmore" since 1.14 (current is
3.6) has not only supported NetBSD, but it's also smart enough to run as the
invoking user all the time, only becoming root as is necessary to read the
shadow password file when unlocking. Just because a binary has setuid bits on
doesn't mean it runs as root all the time, y'know.

I've had system crashes/hangs (NetBSD/SPARC 1.0) while "xlock" was running,
yes; but I don't blame them on the setuid bits.

- Greg