Bugtraq mailing list archives

Re: X11 cookie hijacker


From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Wed, 4 Nov 1998 11:39:02 -0500


drwxrwxrwx   2 root     root         1024 Oct 30 19:57 /tmp/.X11-unix
Hang on, aren't those dangerous permissions?
XFree86 is still waiting for someone to come up with a real solution
to the problem.

Potential solutions:

- set the sticky bit on /tmp/.X11-unix, make sure the bit stays
   there

This loses big as soon as a second user tries to fire up an X server
after the first one has exited.

- make it world-unwritable, make sure it stays this way (this works
   if all your Xservers run with some extra privileges)

But only then.  Lots of servers don't.

- special Solaris option: put /tmp/.X11-{unix,pipe} into
   /etc/logindevperm (assumption: the user sitting at the console is
   the only one who uses X)

The assumption may be false and Solaris is not the only OS.

- abolish Unix-domain X11 sockets and use TCP only (giving up
   MIT-SHM etc)

Which will cripple hosts that don't do TCP as well as people who need
the performance improvement MIT-SHM and the like give.

I assume from this list that you don't have a real solution?

In the right contexts, any of those could be a real solution - the
problems I've listed are not necessarily problems in any particular
installation.

If you want us to come up with your idea of a "real solution", first
you'll have to clarify what that means.  I have a couple of ideas, but
I'm not about to get into a cycle of proposing an idea only to have it
dismissed as a non-"real" solution without any indication what I have
to do to it to make it more "real".

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
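
An added example, not part of the original message: a Python check that reports which of the permission states discussed above a socket directory such as /tmp/.X11-unix is in, and which leftover entries would stop a given unprivileged user's server from reusing a socket name under the sticky-bit option. The function names and finding labels are assumptions made for this illustration.

```python
import os
import stat
import sys

def classify_socket_dir(path, trusted_uid=0):
    """Report the permission state of an X11 socket directory."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted in /tmp
    if not stat.S_ISDIR(st.st_mode):
        return ["not-a-directory"]
    findings = []
    if st.st_uid != trusted_uid:
        findings.append("unexpected-owner")
    writable = bool(st.st_mode & stat.S_IWOTH)
    sticky = bool(st.st_mode & stat.S_ISVTX)
    if writable and not sticky:
        # Any local user may unlink or rename another user's socket.
        findings.append("world-writable-no-sticky")
    elif writable:
        # Entries are removable only by their owner, the directory owner or root.
        findings.append("world-writable-sticky")
    else:
        # Only a server with extra privileges can create its socket here.
        findings.append("not-world-writable")
    return findings

def entries_blocking(path, uid):
    """Entries in a sticky directory that `uid` is not allowed to remove.

    This is the case raised in the message: a socket left behind by one
    user cannot be replaced by a second, unprivileged user's server.
    """
    d = os.lstat(path)
    if uid in (0, d.st_uid) or not d.st_mode & stat.S_ISVTX:
        return []
    return sorted(
        name for name in os.listdir(path)
        if os.lstat(os.path.join(path, name)).st_uid != uid
    )

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/tmp/.X11-unix"
    if os.path.lexists(target):
        print(target, classify_socket_dir(target))
        print("not removable by this user:", entries_blocking(target, os.getuid()))
    else:
        print(target, "does not exist")
```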


