Bugtraq mailing list archives
Re: X Security problem (?)
From: token () WICX50 INFORMATIK UNI-WUERZBURG DE (Matthias Buelow)
Date: Fri, 14 Nov 1997 11:57:15 +0100
Carlo Wood wrote:
On my (RedHat4.2) linux box, I find: /tmp/.X11-unix/X0= A UNIX domain socket of the X server I assume. The permissions are: drwxrwxrwt 3 root root 1024 Nov 14 01:38 /tmp/ drwxrwxrwx 2 root users 1024 Nov 14 01:56 /tmp/.X11-unix/
^ The problem is obviously the missing sticky bit. I looked on DEC Unix 4.0 and it's got the sticky bit set for .X11-unix. On the RedHat system here, the sticky bit is NOT set. Perhaps it's a generic XFree86 problem, I haven't had the chance to look at a different x86-Unix (for ex. BSD) so far that uses XFree86. -- Matthias Buelow "3 syncs represent the trinity - init, the child and the eternal zombie process." -- Jordan Hubbard * Boycott Micro$oft - see http://www.vcnet.com/bms/ *
Current thread:
- Re: Cisco IOS password encryption facts, (continued)
- Re: Cisco IOS password encryption facts Michael Degerman (Nov 13)
- mode of the i586 F0 bug VaX#n8 (Nov 12)
- Re: mode of the i586 F0 bug Alan Cox (Nov 12)
- Linux F00F Patch Aleph One (Nov 12)
- Re: Safe /tmp cleanup Randal Schwartz (Nov 12)
- Re: Safe /tmp cleanup dsiebert () ICAEN UIOWA EDU (Nov 13)
- another buffer overrun in sperl5.003 Pavel Kankovsky (Nov 13)
- Re: Safe /tmp cleanup Valdis Kletnieks (Nov 13)
- IE4.0 patch Richard Trott (Nov 13)
- X Security problem (?) Carlo Wood (Nov 13)
- Re: X Security problem (?) Matthias Buelow (Nov 14)
- Re: X Security problem (?) Scott Moseman (Nov 14)
- digital unix 4.0 hole John McDonald (Nov 14)
- What to do when you forget your cisco LD password... Dustin Sallings (Nov 13)
- Re: What to do when you forget your cisco LD password... John Bashinski (Nov 14)
- Re: Safe /tmp cleanup Erik Troan (Nov 13)
- Linux IP fragment overlap bug G P R (Nov 13)
- Re: Linux IP fragment overlap bug Alan Cox (Nov 14)
- Re: Linux IP fragment overlap bug Vadim Kolontsov (Nov 14)
- Re: Linux IP fragment overlap bug David LeBlanc (Nov 14)
- Re: Linux IP fragment overlap bug Morbid Dead Guy (Nov 16)