From sl1200mk2 at gmail.com  Thu Oct 25 19:31:27 2018
From: sl1200mk2 at gmail.com (nicolas bats)
Date: Fri, 26 Oct 2018 04:31:27 +0200
Subject: [Xquartz-dev] x.org hole
Message-ID: <CAPb79oWNMn=ay+Bdp2XNOn8Bxpxey3F=uTdFdCgoL5YbXxVmmQ@mail.gmail.com>

Hi,
https://lists.x.org/archives/xorg-announce/2018-October/002927.html

are we impacted by this?
best regards,
Nicolas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/xquartz-dev/attachments/20181026/ef2dd2f1/attachment.html>

From ken at codeweavers.com  Thu Oct 25 21:20:30 2018
From: ken at codeweavers.com (Ken Thomases)
Date: Thu, 25 Oct 2018 23:20:30 -0500
Subject: [Xquartz-dev] x.org hole
In-Reply-To: <CAPb79oWNMn=ay+Bdp2XNOn8Bxpxey3F=uTdFdCgoL5YbXxVmmQ@mail.gmail.com>
References: <CAPb79oWNMn=ay+Bdp2XNOn8Bxpxey3F=uTdFdCgoL5YbXxVmmQ@mail.gmail.com>
Message-ID: <277BDFCF-6C93-4961-817A-C725B2CAE126@codeweavers.com>

On Oct 25, 2018, at 9:31 PM, nicolas bats <sl1200mk2 at gmail.com> wrote:
> 
> Hi,
> https://lists.x.org/archives/xorg-announce/2018-October/002927.html <https://lists.x.org/archives/xorg-announce/2018-October/002927.html>
> 
> are we impacted by this?

No, unless you're doing something very odd.

The vulnerability only affects systems where the X server is configured so that it has root privileges even when run by a non-privileged user.  XQuartz is not normally configured that way, or with any unusual privileges.  It just runs in your normal user account with your normal privileges.

Regards,
Ken

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/xquartz-dev/attachments/20181025/79167a0b/attachment.html>

From sl1200mk2 at gmail.com  Thu Oct 25 21:58:16 2018
From: sl1200mk2 at gmail.com (nicolas bats)
Date: Fri, 26 Oct 2018 06:58:16 +0200
Subject: [Xquartz-dev] x.org hole
In-Reply-To: <277BDFCF-6C93-4961-817A-C725B2CAE126@codeweavers.com>
References: <CAPb79oWNMn=ay+Bdp2XNOn8Bxpxey3F=uTdFdCgoL5YbXxVmmQ@mail.gmail.com>
 <277BDFCF-6C93-4961-817A-C725B2CAE126@codeweavers.com>
Message-ID: <CAPb79oWRbKCSo9wa4P0E0HSfv-VKEBfXzH=c+B8GA=QMB1yQyA@mail.gmail.com>

ok Ken,
thank you for your answer.
I'm not doing odd things with XQuartz :)

best regards,
Nicolas

Le ven. 26 oct. 2018 à 06:21, Ken Thomases <ken at codeweavers.com> a écrit :

> On Oct 25, 2018, at 9:31 PM, nicolas bats <sl1200mk2 at gmail.com> wrote:
>
>
> Hi,
> https://lists.x.org/archives/xorg-announce/2018-October/002927.html
>
> are we impacted by this?
>
>
> No, unless you're doing something very odd.
>
> The vulnerability only affects systems where the X server is configured so
> that it has root privileges even when run by a non-privileged user.
> XQuartz is not normally configured that way, or with any unusual
> privileges.  It just runs in your normal user account with your normal
> privileges.
>
> Regards,
> Ken
>
>
> _______________________________________________
> Xquartz-dev mailing list
> Xquartz-dev at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/xquartz-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/xquartz-dev/attachments/20181026/06bcd3b8/attachment.html>