On Tue, 27 Dec 2005, Dave Feustel wrote:

> On Tuesday 27 December 2005 11:05, Otto Moerbeek wrote:
> >
> > On Tue, 27 Dec 2005, Dave Feustel wrote:
> >
> > > by KDE are root-owned and world rw. There is also a problem with the socket
> > > /tmp/.X11-unix/X0. This is documented on the web and even in an OpenBSD
> > > presentation on XFree86 from about 2002.
> >
> > Dunno about KDE but can you elaborate or give refs why having a world
> > writable unix domain socket is considered a problem?
>
> Here is a presentation of XFree86 security issues that I found yesterday
> that seems to be relevant. X0 permissions are specifically addressed. I am
> definitely having fewer (if any) problems after several times rm'ing the tmp
> files associated with Xorg and KDE. I've done it with no problems except
> when I do it while KDE is running. Then DCOP dies. The most reliable way
> of reactivating DCOP correctly is (right now) to reboot KDE.
>
> http://www.openbsd.org/papers/xf86-sec.pdf

Indeed this paper mentions problems with unix domain sockets. But it is
talking about socket _creation_, not _using_ a unix domain socket.

So far you only have given very vague, circumstantial evidence.

-Otto