> On Fri, 7 Feb 1997, Neil Moore wrote:
>
> > > On Fri, 7 Feb 1997 tyson@rwii.com wrote:
> > > I don't agree. Doom has a known bug which allows any user on your system
> > > to get root if doom is installed setuid root. Every Linux distribution
> > > I've ever used installs Doom setuid root, and RedHat has only recently
> > > released a patch to correct this. (The patch doesn't fix doom, just
> > > removes the setuid bit.)
> >
> > Why not just delete it?
>
> Doom is actually one of two programs: xdoom or sdoom. I think there is
> also a framebuffer version of xdoom. (That's the case in quake) sdoom
> uses svgalib and requires that suid root is set. xdoom works w/o suid.
> svgalib sucks anyway...
>
If I'm not wrong ... X11 server (the X server) is a suid program too.
The xterm is suid, Xconsole is suid etc etc.
xdoom works w/o suid because the Xserver is alredy suid.
Ciao,
Riccardo.