On Tuesday 03 January 2006 17:50, Otto Moerbeek wrote: > > On Tue, 3 Jan 2006, Dave Feustel wrote: > > > On Tuesday 03 January 2006 17:11, J.C. Roberts wrote: > > > > > The rule of thumb for granting privileges is simple; avoid granting > > > permissions whenever possible. > > > > Check the ownership/privileges on /tmp/.X11-unix/X0 after you start kde or > > Xorg. > > Come on, this is a unix domain socket, as has been pointed out before. > You keep on repeating this nonsense. Having a world writable socket is > not a problem in itself. X has it's own authentication/authorization > scheme, which is used both for unix domain sockets and tcp sockets.
I confess that I do not understand the ramifications of the world rw+suid permissions on this socket. I do wonder why this socket has world rw when it seems to work equally well after I do a chmod 4700 on it at the beginning of every kde session. Do not the permissions applied to this socket violate the principle of least privilege mentioned above? > > Also check the ownership/privileges on the /dev/[pt]typ* pair allocated > > to any konsole session running under kde on openbsd. > > Now that is likely a problem. A workaround is to use xterm instead > of konsole. > > -Otto > -- Lose, v., experience a loss, get rid of, "lose the weight" Loose, adj., not tight, let go, free, "loose clothing"
