netbsd-users: Re: xdm - selecting WM on login

Subject: Re: xdm - selecting WM on login
To: David S. <davids@idiom.com>
From: Jeremy C. Reed <reed@reedmedia.net>
List: netbsd-users
Date: 03/24/2003 14:17:56

On Mon, 24 Mar 2003, David S. wrote:

> Take care with the 'wdm' package.  With it's default configuration, any
> user will be able to halt or re-boot the the system.

I didn't look closely.

$ ls -l `which wdm wdmLogin`
-rwxr-xr-x    1 root     root        72440 Mar 12  2002 /usr/X11R6/bin/wdm
-rwxr-xr-x    1 root     root       337752 Mar 12  2002 /usr/X11R6/bin/wdmLogin

How?

(Or maybe on your systems, the users are members of the operator group
and can run the setuid shutdown command?)

   Jeremy C. Reed
   http://bsd.reedmedia.net/