The following message was part of a discussion on the linux security audit mailing list. It looks like debian "hamm" (up-to-date package versions) took the approach of sticky bit, but Alan is right (of course) - someone can still "block" /tmp/.X11-unix/X0 from being used.
Cheers,

--Amos

--
Amos Shapira                 | "Of course Australia was marked for
133 Shlomo Ben-Yosef st.     | glory, for its people had been chosen
Jerusalem 93 805             | by the finest judges in England."
ISRAEL   [EMAIL PROTECTED]   |   -- Anonymous

------- Forwarded Message

Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED] (Alan Cox)
Subject: Re: Minor XF86 DoS
To: [EMAIL PROTECTED] (Mark Wooding)
Date: Wed, 24 Jun 1998 12:24:44 +0100 (BST)
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]> from "Mark Wooding" at Jun 24, 98 10:54:03 am
Content-Type: text

> terribly wonderful idea. Not all X servers are run as root. For
> example, Xvnc, the VNC server (see http://www.orl.co.uk/vnc/) contains
> an X server the frame buffer of which it makes available via the VNC
> protocol to the user's client software. Making the socket directory
> read-only except by root would prevent users from running VNC servers.
> Sticky bits sound like a more sensible solution to this problem than
> read-only-ness.

Sticky bit leaves DoS attacks (think "mkdir /tmp/.X11-unix/X0"). There
is probably a case for group xserver. Do we have any Xfree people here?

------- End of Forwarded Message
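As an added example (not part of the thread or of any Debian or XFree86 code), a small Python audit of an X11 socket directory that reports the condition Alan describes: a sticky, world-writable socket directory in which a display's socket name is already occupied by a directory or other non-socket, so that display can never bind. The directory path, the expected owner and the scenario built in demo() are assumptions made for the example.

```python
"""Audit an X11 socket directory (e.g. /tmp/.X11-unix) for squatted display
sockets.  With mode 1777 any local user may create an entry named X<n>; the X
server for display :n then cannot bind its socket.  Added example, not from
the thread."""
import os
import re
import socket
import stat
import tempfile

SOCKET_NAME = re.compile(r"^X(\d+)$")  # X0, X1, ... one per display


def audit_x11_dir(path, expected_uid=0):
    """Return a list of (display, reason) findings; an empty list means clean.
    display is None for findings about the directory itself."""
    findings = []
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return [(None, f"{path} is not a directory")]
    if st.st_uid != expected_uid:
        findings.append((None, f"directory owned by uid {st.st_uid}, expected {expected_uid}"))
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        # world-writable without the sticky bit: anyone may also delete sockets
        findings.append((None, f"world-writable without sticky bit (mode {mode:04o})"))
    for name in sorted(os.listdir(path)):
        m = SOCKET_NAME.match(name)
        if not m:
            continue  # only display socket names matter here
        display = int(m.group(1))
        est = os.lstat(os.path.join(path, name))
        if not stat.S_ISSOCK(est.st_mode):
            kind = "directory" if stat.S_ISDIR(est.st_mode) else "non-socket file"
            findings.append((display, f"{name} is a {kind} owned by uid {est.st_uid}; "
                                      f"display :{display} cannot be bound"))
    return findings


def demo():
    """Constructed scenario: a squatted X0 beside a legitimate X1 socket."""
    base = tempfile.mkdtemp()
    os.chmod(base, 0o1777)                      # sticky, world-writable, as in hamm
    os.mkdir(os.path.join(base, "X0"))          # entry occupying display :0's name
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(os.path.join(base, "X1"))          # a real display socket for :1
    try:
        return audit_x11_dir(base, expected_uid=os.getuid())
    finally:
        srv.close()
        os.rmdir(os.path.join(base, "X0"))
        os.unlink(os.path.join(base, "X1"))
        os.rmdir(base)
```

Running demo() reports only display :0; X1, a genuine socket, passes.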