|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
||||
If the setuid bit is manually re-applied then X will run from a console log in as the normal user (but this is also not best practice).
Code:
doas chmod u+s $(which Xorg)
__________________
Are you infected with Wetiko? |
|
||||
Well, it runs X with elevated privileges, yes, but `top` shows that the process is owned by my user:
Code:
62974 empty 2 0 18M 27M sleep/0 poll 0:08 1.76% Xorg
__________________
Are you infected with Wetiko? |
|
||||
It's a very useful observation, and worthy of discussion.
X has been shown to have security problems. As an example of this, see patch 001 for 6.4-release. The Project recommended disabling the setuid bit immediately, until the patch could be applied. The project has improved the security of X further, by disabling the setuid bit permanently for the next release, and requiring the use of xenodm(1) and its privilege separation to initiate the use of X. See the 2016/10/26 entry of the Following -current FAQ. By re-enabling the setuid bit, you are running X with the permissions and authority of root, and disabling a security feature of the OS. You might want to reconsider your decision. If for no other reason than this: you might use a browser that runs code provided by a website. Last edited by jggimi; 17th December 2018 at 12:37 PM. Reason: clarity |
|
||||
^ Thanks for the extended explanation, it is very much appreciated.
I enabled the setuid bit for test purposes only, I usually run xenodm. Thanks again for the good advice.
__________________
Are you infected with Wetiko? |
|
|||
Thanks for this discussion. I haven't run into this issue yet, but I guess I will pretty soon!
|
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
OpenBSD Opera will be removed for 5.8 | jggimi | News | 16 | 26th March 2017 03:35 PM |
OpenBSD kern.usermount removed for OpenBSD 6.0 | jggimi | News | 1 | 15th July 2016 03:47 PM |
systrace(1) is removed for OpenBSD 6.0 | jggimi | OpenBSD Security | 6 | 27th April 2016 11:26 AM |
help setting gnokii .. setuid and gid bits | daemonfowl | OpenBSD Packages and Ports | 4 | 18th August 2012 03:34 AM |
Is /usr/X11R6/include/ supposed to be in $CPATH | kasse | OpenBSD General | 4 | 3rd December 2008 05:34 PM |