> Before anyone makes any "fixes", please explain why this is even
> considered a security hole. Frankly I don't see it. It's not like
> FvwmM4 is being run setuid to root (or anyone else).
But what if you _are_ root? Before anyone goes stomping on me telling
me I'm an idiot to run X as root, let me say that I was forced into it
by the OS and no, I don't do it anymore.
True, 99.95% of the userbase will most likely never do this (unless
they have a death wish or are truly oblivious to pain), but of course,
99.95% of the people aren't trying to crack into the system. And the
truly clueless (it happens to all of us) wouldn't think about this
kind of hole, so why leave it open?
I've fixed my sources -- but I'm not going to twist your arm to fix
yours. :)
--
Brandon M. Browning
Systems Engineer / Mailing List Maintainer
http://www.nwnet.net/
--
Visit the official FVWM web page at <URL:http://www.hpc.uh.edu/fvwm/>.
To unsubscribe from the list, send "unsubscribe fvwm" in the body of a
message to majordomo_at_hpc.uh.edu.
To report problems, send mail to fvwm-owner_at_hpc.uh.edu.
Received on Wed Dec 04 1996 - 13:00:57 GMT