Oleg Vinichenko Posted October 27, 2018

Hi, everyone!

An X.Org security update is now available with version 1.19.3-r3. By default, the xorg-server ebuild installs the /usr/bin/Xorg binary with suid. In 1.19, a regression was found which allowed a privilege escalation. This is now fixed with a patch. More details can be found here: https://www.mail-archive.com/xorg-announce@lists.x.org/msg01138.html

A notice on the suid USE flag: by default this USE flag is enabled, and with an unpatched xorg-server there is a security risk. The upstream recommendation is to disable the suid USE flag. This can be achieved by:

    echo "x11-base/xorg-server -suid" >> /etc/portage/package.use
    emerge -1 xorg-server

This will work in most cases when login managers are used, such as GDM or similar. In case you are starting X via xinit or startx, disabling the suid USE flag may impact the X start. You can leave the suid USE flag turned on, as xorg-server has the vulnerability fix applied.
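
A follow-up check for the steps in the post above, added here as an example and not part of the original thread: it reports whether the Xorg binary still carries the setuid bit and whether that matches the `-suid` entry in package.use. The function names are hypothetical helpers; the paths in the usage comment are the ones named in the post.

```sh
#!/bin/sh
# Added example: hypothetical helpers, not part of the thread or of Funtoo.

# True if $1 is a regular file with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# True if package.use ($1, a file or a directory of files) disables the
# suid USE flag for x11-base/xorg-server. The last matching entry wins.
suid_flag_disabled() {
    if [ -d "$1" ]; then set -- "$1"/*; fi
    [ -f "$1" ] || return 1
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 ~ /^[<>=~]*x11-base\/xorg-server/ {   # plain or versioned atom
            for (i = 2; i <= NF; i++) {
                if ($i == "-suid") disabled = 1
                if ($i == "suid")  disabled = 0
            }
        }
        END { exit (disabled ? 0 : 1) }
    ' "$@"
}

# Report whether the binary ($1) still matches the package.use setting ($2).
audit_xorg_suid() {
    if [ ! -f "$1" ]; then
        echo "missing: $1 not found"; return 2
    fi
    if ! has_setuid "$1"; then
        echo "ok: $1 is not setuid"; return 0
    fi
    if suid_flag_disabled "$2"; then
        echo "pending: -suid is configured but $1 is still setuid; rebuild xorg-server"
    else
        echo "setuid: $1 is setuid; confirm the patched 1.19.3-r3 is installed"
    fi
    return 1
}

# Usage: sh check.sh /usr/bin/Xorg /etc/portage/package.use
if [ "$#" -eq 2 ]; then
    audit_xorg_suid "$1" "$2"
fi
```

A "pending" result means the flag was changed but the package has not been re-emerged yet, so the installed binary is still setuid.
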

Funtoo Linux BDFL drobbins Posted October 28, 2018

Also note -- in the next release of Funtoo Linux (1.3), we will default to having suid disabled in xorg-server, but it will remain enabled by default in 1.2. Thanks, Oleg, for your work on this.