Bugtraq mailing list archives
Re: X11 cookie hijacker
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Wed, 4 Nov 1998 11:39:02 -0500
>> drwxrwxrwx 2 root root 1024 Oct 30 19:57 /tmp/.X11-unix

> Hang on, aren't those dangerous permissions?

> XFree86 is still waiting for someone to come up with a real solution to the problem.

> Potential solutions:

> - set the sticky bit on /tmp/.X11-unix, make sure the bit stays there

This loses big as soon as a second user tries to fire up an X server after the first one has exited.

> - make it world-unwritable, make sure it stays this way (this works if all your X servers run with some extra privileges)

But only then. Lots of servers don't.

> - special Solaris option: put /tmp/.X11-{unix,pipe} into /etc/logindevperm (assumption: the user sitting at the console is the only one who uses X)

The assumption may be false, and Solaris is not the only OS.

> - abolish Unix-domain X11 sockets and use TCP only (giving up MIT-SHM etc.)

Which will cripple hosts that don't do TCP, as well as people who need the performance improvement MIT-SHM and the like give.

> I assume from this list that you don't have a real solution?
In the right contexts, any of those could be a real solution - the problems I've listed are not necessarily problems in any particular installation. If you want us to come up with your idea of a "real solution", first you'll have to clarify what that means. I have a couple of ideas, but I'm not about to get into a cycle of proposing an idea only to have it dismissed as a non-"real" solution without any indication what I have to do to it to make it more "real".

der Mouse

mouse () rodents montreal qc ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
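The directory-mode question the thread turns on (a world-writable /tmp/.X11-unix with or without the sticky bit) can be checked mechanically. The following POSIX shell audit is an added example and is not part of the original post, of XFree86 or of any of the posters' code: it classifies a socket directory's mode into the cases the thread discusses. The function name and the temporary directories it is demonstrated on are my own constructions; /tmp/.X11-unix is only the path a real run would be pointed at.

```shell
#!/bin/sh
# Added example, not from the original thread: classify a socket directory's
# permissions the way the thread reasons about /tmp/.X11-unix.
#
# Printed classification (stdout) and exit status:
#   world-writable  o+w without the sticky bit: any local user can unlink or
#                   replace other users' sockets in the directory  (exit 1)
#   sticky          o+w with the sticky bit: others cannot remove a socket
#                   they do not own, but a stale socket left by a previous
#                   user also cannot be cleaned up by the next one (exit 0)
#   ok              not world-writable at all                       (exit 0)
#   missing         the directory does not exist                     (exit 1)
audit_socket_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "missing"; return 1; }
    # POSIX ls -ld starts its line with a 10-character mode string such as
    # drwxrwxrwt: character 9 is the "other" write bit, character 10 is the
    # "other" execute bit, shown as t/T when the sticky bit is set.
    perms=$(ls -ld "$dir" | cut -c1-10)
    other_w=$(printf '%s' "$perms" | cut -c9)
    other_x=$(printf '%s' "$perms" | cut -c10)
    if [ "$other_w" != "w" ]; then
        echo "ok"
        return 0
    fi
    case "$other_x" in
        t|T) echo "sticky"; return 0 ;;
        *)   echo "world-writable"; return 1 ;;
    esac
}

# Demo on constructed directories carrying the modes discussed in the thread
# (0777 as in the quoted ls output, 1777 with the sticky bit, 0755 closed).
demo() {
    tmp=$(mktemp -d) || return 1
    for mode in 0777 1777 0755; do
        mkdir "$tmp/d$mode" && chmod "$mode" "$tmp/d$mode"
        printf 'mode %s -> %s\n' "$mode" "$(audit_socket_dir "$tmp/d$mode")"
    done
    printf 'absent dir -> %s\n' "$(audit_socket_dir "$tmp/nonexistent")"
    rm -rf "$tmp"
}

demo
```

Pointing the function at a live /tmp/.X11-unix (`audit_socket_dir /tmp/.X11-unix`) gives the classification for the host; "ok" corresponds to the world-unwritable option in the thread, which only works when every X server on the host runs with enough privilege to create its socket there.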