Dunno if it was intentional or not, but the xbl package currently in rawhide has xbl running sgid root, i.e.:

[root@king may26]# ls -al /usr/X11R6/bin/xbl
-rwxr-sr-x 1 root root 108388 May 21 07:44 /usr/X11R6/bin/xbl

This is VERY unsafe because xbl has numerous unchecked buffers. For example, the XBLOPTIONS environment variable is appended to a fixed-size buffer using strcat with no bounds checking, resulting in elevated privileges. Executing xbl -display with a large display name causes xbl to segfault; probable overflow there. xbl -font and -bigfont both segfault with large buffers and are potentially exploitable. These are just some I noticed after finding the initial problem, and I'm pretty sure there are more. I know this program was not setgid root in RedHat Linux 5.2, and IMHO it is unsafe to have it sgid root in its present condition.

-Stan Bubrouski
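The unchecked strcat pattern the report describes, beside a bounds-checked replacement, as an added example in C. This is not xbl's source: the buffer size, function names and option strings are constructed for illustration, and the XBLOPTIONS value is passed in rather than read from the real environment so it runs offline.

```c
#include <stdio.h>
#include <string.h>

#define OPTBUF_SIZE 64   /* constructed size; the report does not give xbl's */

/* Pattern described in the report: the environment value is appended with
 * strcat and no length check, so a value longer than the remaining space
 * writes past the end of optbuf. Kept for comparison only; never called. */
void append_unchecked(char *optbuf, const char *value)
{
    strcat(optbuf, value);
}

/* Hardened form: measure the remaining capacity first and refuse the value
 * if it does not fit. Returns 0 on success, -1 if rejected. */
int append_checked(char *optbuf, size_t cap, const char *value)
{
    const char *end = memchr(optbuf, '\0', cap);
    if (end == NULL) return -1;                /* buffer is not terminated */
    size_t used  = (size_t)(end - optbuf);
    size_t avail = cap - used - 1;             /* room left, minus the NUL */
    size_t need  = strlen(value);
    if (need > avail) return -1;               /* would overflow: reject */
    memcpy(optbuf + used, value, need + 1);    /* copies the NUL as well */
    return 0;
}

/* Build the option string: fixed defaults followed by the (untrusted)
 * XBLOPTIONS value. Returns 0 if everything fitted, -1 otherwise. */
int build_options(char *optbuf, size_t cap, const char *defaults,
                  const char *xbloptions)
{
    if (strlen(defaults) >= cap) return -1;
    strcpy(optbuf, defaults);
    return append_checked(optbuf, cap, xbloptions);
}

int main(void)
{
    char optbuf[OPTBUF_SIZE];
    char oversized[200];                       /* constructed long value */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    int ok  = build_options(optbuf, sizeof optbuf, "-display :0 ", "-fg red");
    int bad = build_options(optbuf, sizeof optbuf, "-display :0 ", oversized);
    printf("short value: %s\n", ok == 0 ? "accepted" : "rejected");
    printf("oversized value: %s\n", bad == 0 ? "accepted" : "rejected");
    return 0;
}
```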
Thanks for your report. I have fixed this problem.