On 02/11/2013 03:00 PM, Borislav Petkov wrote: > On Mon, Feb 11, 2013 at 02:46:43PM -0800, H. Peter Anvin wrote: >> The X server itself used to do that. Are you saying that wdm is a >> *privileged process*? > > Nah, it is a simple display manager you start with /etc/init.d/wdm init > script. Like the other display managers gdm, kdm, etc. > > But it looks like wdm has copied stuff from xdm (from the README): > > "Wdm is a modification of XFree86's xdm package for graphically handling > authentication and system login. Most of xdm has been preserved (XFree86 > 4.2.1.1) with the Login interface based on a WINGs implementation using > Tom Rothamel's "external greet" interface (see AUTHORS)." > > And from looking at the part in the source which does the /dev/mem > accesses, it comes from XFree86's source apparently, this is at the > beginning of src/wdm/genauth.c: > Oh, it's not a *window manager*, it is a *session manager* (display manager), and so it runs as root by default. Plug the damned hole, submit a bug report to Debian to change the default, and let's be done with it. That being said, it did flag a real problem, but what it is doing is dangerous. -hpa -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>