On Debian systems, the X wrapper (/usr/bin/X) is a setuid-root binary that
checks for some security requirements before launching Xorg with root
privileges. By default, the wrapper's configuration file only allows users
whose controlling TTY (console) to start the X server, but it is possible to
bypass this restriction by connecting another file (with similar tty
properties) to standard input before launching the X wrapper.
jdstrand> requires pty access. In combination with CVE-2011-4029 this becomes
more important, but that CVE is fixed in Ubuntu.
mdeslaur> Debian fixed this by dropping support for alternate TTY devices,
mdeslaur> which we need for upstart support. See changelog for
mdeslaur> (1:7.4~2ubuntu2) and (1:7.4~4).
Updated: 2012-06-01 15:22:34 UTC (commit 5347)