X11 security (Was: 2.1.1 and xterm)
X11 security (Was: 2.1.1 and xterm)
- Subject: X11 security (Was: 2.1.1 and xterm)
- From: Harald Hanche-Olsen <email@hidden>
- Date: Sun, 16 Dec 2007 11:35:17 +0100 (CET)
+ William Davis <email@hidden>:
> It is also more secure since part of the DISPLAY value is randomly
> set -- a possible intruder cant make any useful assumptions about
> where the display socket is.
That is called security by obscurity, which is generally not very
secure at all. In this case, running ls -lrtd /tmp/launch* gives a
pretty good indication of what to try. Oh, but on the other hand
those directories are readable only by their owners, so that is not a
viable way into the user's X server anyhow.
If you want real security against other users with shell access on
your machine, I think you will have to remove /tmp/.X11-unix/X0 or at
least do: chmod 700 /tmp/.X11-unix/X0
Actually, this seems to be a security hole. Shouldn't the socket in
/tmp/.X11-unix/X0 be mode 700 by default? On other unixes it is
usually not, since there is also the TCP socket on port 6000 for which
unix permissions don't make any sense, so you need some form of xauth
access control anyhow.
- Harald
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
This email sent to email@hidden