Once upon a time, Cătălin George Feștilă <catalinfest@xxxxxxxxx> said: > Thank you! > > On Thu, Nov 1, 2018 at 4:38 PM Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote: > > > > > > > Am 01.11.18 um 15:33 schrieb Cătălin George Feștilă: > > > https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html > > > > https://fedoraproject.org/wiki/Features/RemoveSETUID > > Targeted release: Fedora 15 > > > > ls -la /usr/bin/Xorg > > -rwxr-xr-x 1 root root 273 2018-04-23 20:16 /usr/bin/Xorg That means nothing... that's just a shell script that calls: $ ls -l /usr/libexec/Xorg.wrap -rwsr-xr-x. 1 root root 11376 Apr 12 2018 /usr/libexec/Xorg.wrap which is where the problem lies. I think SELinux should help (because it should stop writes to lots of things), but I haven't seen a bug or statement from Fedora about vulnerability. -- Chris Adams <linux@xxxxxxxxxxx> _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
