On Wednesday 04 January 2006 02:36, Otto Moerbeek wrote:
>
> On Tue, 3 Jan 2006, Dave Feustel wrote:
>
> > On Tuesday 03 January 2006 17:50, Otto Moerbeek wrote:
> > >
> > > On Tue, 3 Jan 2006, Dave Feustel wrote:
> > >
> > > > On Tuesday 03 January 2006 17:11, J.C. Roberts wrote:
> > > >
> > > > > The rule of thumb for granting privileges is simple; avoid granting
> > > > > permissions whenever possible.
> > > >
> > > > Check the ownership/privileges on /tmp/.X11-unix/X0 after you start kde
> > > > or Xorg.
> > >
> > > Come on, this is a unix domain socket, as has been pointed out before.
> > > You keep on repeating this nonsense. Having a world writable socket is
> > > not a problem in itself. X has it's own authentication/authorization
> > > scheme, which is used both for unix domain sockets and tcp sockets.
> >
> > I confess that I do not understand the ramifications of the world rw+suid
> > permissions on this socket. I do wonder why this socket has world rw when
> > it seems to work equally well after I do a chmod 4700 on it at the
> > beginning
> > of every kde session. Do not the permissions applied to this socket violate
> > the principle of least privilege mentioned above?
>
> It does not have suid permissions. This clearly shows you understand
> little about permissions. Hint: it's a socket, starting with an 's'.
>
> The princpiple is not violated, because having the socket writable for
> others has it's uses, maybe?
>
> -Otto
Otto,
I reread the man page for ls and I did indeed misread the documentation
as to what the 's' means here. Thanks for pointing that out.
5 0 srwxrwxrwx 1 daf wheel 0 Jan 4 05:01
/tmp/.X11-unix/X0
8 0 srwx------ 1 daf wheel 0 Jan 4 05:01
/tmp/.ICE-unix/dcop15166-1136368903
9 0 srwx------ 1 daf wheel 0 Jan 4 05:01
/tmp/.ICE-unix/389
--
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"
