From: "H. Peter Anvin" <hpa@zytor.com>
To: Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
mingo@kernel.org, tglx@linutronix.de
Subject: Re: [PATCH 1/2] add helper for highmem checks
Date: Mon, 11 Feb 2013 15:02:03 -0800
Message-ID: <5119786B.9020400@zytor.com>
In-Reply-To: <20130211230003.GG2683@pd.tnic>

On 02/11/2013 03:00 PM, Borislav Petkov wrote:
> On Mon, Feb 11, 2013 at 02:46:43PM -0800, H. Peter Anvin wrote:
>> The X server itself used to do that. Are you saying that wdm is a
>> *privileged process*?
>
> Nah, it is a simple display manager you start with /etc/init.d/wdm init
> script. Like the other display managers gdm, kdm, etc.
>
> But it looks like wdm has copied stuff from xdm (from the README):
>
> "Wdm is a modification of XFree86's xdm package for graphically handling
> authentication and system login. Most of xdm has been preserved (XFree86
> 4.2.1.1) with the Login interface based on a WINGs implementation using
> Tom Rothamel's "external greet" interface (see AUTHORS)."
>
> And from looking at the part in the source which does the /dev/mem
> accesses, it comes from XFree86's source apparently, this is at the
> beginning of src/wdm/genauth.c:
>

Oh, it's not a *window manager*, it is a *session manager* (display
manager), and so it runs as root by default.

Plug the damned hole, submit a bug report to Debian to change the
default, and let's be done with it. That being said, it did flag a real
problem, but what it is doing is dangerous.

-hpa