Bug 306 - [security] /tmp/.X11-unix and /tmp/.ICE-unix file ownership and permissions
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Lib/Xlib
Version: unspecified
Hardware: x86 (IA32) All
Importance: high major
Assignee: Xorg Project Team
Duplicates: 297
Blocks: 999

Reported: 2004-03-15 10:25 UTC by Jim Gettys
Modified: 2004-08-08 16:31 UTC

Attachments
Early discussion on Gnome mailing list about this issue. (21.06 KB, text/plain)
2004-03-15 10:29 UTC, Jim Gettys

Description Jim Gettys 2004-03-15 10:25:21 UTC
These directories should be owned by root with appropriate protection;
in particular, things can fail if the sockets contained in them are
not accessible to clients properly.

Exactly what the right fix is for this problem isn't immediately obvious.
We will open a discussion on the desktop lists to hash through the
right solutions. The .X11-unix directory is less problematic, as the X server
is (usually) running as root and could (does?) ensure the right properties
on the directory. But the .ICE-unix directory can/does often get set
incorrectly.

This can cause *really* mystic failures at times, for example,
when changing a user's uid if you don't know to search the file system
for all occurrences of files owned by someone and change appropriately.
Comment 1 Jim Gettys 2004-03-15 10:29:13 UTC
Created attachment 141
Early discussion on Gnome mailing list about this issue.
Comment 2 Egbert Eich 2004-05-07 03:35:23 UTC
*** Bug 297 has been marked as a duplicate of this bug. ***
Comment 3 Kevin E. Martin 2004-08-06 12:06:43 UTC
I believe Egbert has checked in a patch to make the checking more strict.  Are
there any other issues that we want to address in this release?  If not, please
move this bug over to blocking the release notes bugs (#999).
Comment 4 Kevin E. Martin 2004-08-09 09:31:19 UTC
Closing and moving over block release notes as discussed on release wranglers call
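
An audit of the two directories along the lines of the description and the stricter checking mentioned in comment 3, as an added example (not code from the X.Org tree or from any commenter). It assumes "appropriate protection" means a real directory owned by root with mode 1777, which the report does not spell out; `audit_socket_dir` and `uid_has_account` are hypothetical names.

```python
import os
import pwd
import stat

SOCKET_DIRS = ("/tmp/.X11-unix", "/tmp/.ICE-unix")
EXPECTED_MODE = 0o1777  # assumption: world-writable with the sticky bit set


def uid_has_account(uid):
    """True if the uid still maps to a passwd entry."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False


def audit_socket_dir(path, expected_uid=0, uid_known=uid_has_account):
    """Return a list of findings for one socket directory (empty means OK)."""
    try:
        st = os.lstat(path)  # lstat: never follow a symlink planted in /tmp
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a real directory (symlink or other file type)"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode != EXPECTED_MODE:
        findings.append(f"mode {mode:04o}, expected {EXPECTED_MODE:04o}")
    try:
        names = sorted(os.listdir(path))
    except PermissionError:
        return findings + ["cannot list directory contents"]
    # Entries left behind under a uid with no account are the stale-ownership
    # case the report describes after a user's uid is changed.
    for name in names:
        entry = os.lstat(os.path.join(path, name))
        if not uid_known(entry.st_uid):
            findings.append(f"{name}: owner uid {entry.st_uid} has no account")
    return findings


if __name__ == "__main__":
    for d in SOCKET_DIRS:
        problems = audit_socket_dir(d)
        print(d, "OK" if not problems else "; ".join(problems))
```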