OpenBSD Journal

xconsole is privsep now too - testing needed

Contributed by jose on from the more-security-as-we-near-a-code-freeze dept.

no name supplied writes:


List:     openbsd-tech
Subject:  xconsole is privsep now too
From:     Theo de Raadt

Date:     2003-02-21 21:33:22

matthieu has changed xconsole(1) so that it is also now privsep, and now
the main process does not run as root.  It would be nice if new
snapshots (starting tonight) are tested carefully, to see if any
glitches show up in our X11 privsep and xconsole privsep changes.

As I see it, this now removes almost all the major worries I have had
about the X server traditionally... it is still a large server sitting
on port 6000+n, but not as root, this helps a lot..

Thanks.


Link: (original message)
Actually, we're very near a tree freeze, so it will be a big help to get as many people testing as many architecture snapshots and builds as possible. Lots of things changed for the upcoming 3.3 release: lots of PF changes, ProPolice, various exec protection options, threads, BIND9 was imported, privsep X and now xconsole. Please, download, build, use and report bugs. A few have been found but many more lurk.



Comments
  1. By schubert () on

    Although you'll only notice the privsep working with xconsole if you drop to console and do a ps output while your X is at the xdm login screen. You'll see xconsole running as _x11 and root, one with [priv], one without.

  2. By Anonymous Coward () on

    Is it listening on TCP/6000 by default?

    I forgot where to set the nolisten tcp directive, where was it, ~/.xinitrc?

    Or isn't it listening on 6000 any more by default?
