On 11/21/20 3:38 AM, Niclas Zeising wrote:
> On 2020-11-18 20:29, Demi M. Obenour wrote:
>> On 11/16/20 1:30 AM, Keith Packard wrote:
>>> Alan Coopersmith <alan.coopersm...@oracle.com> writes:
>>>
>>>> Since this is now public, we can open up the discussion of how to fix it in
>>>> public as well, and hope we can make more progress than the security list
>>>> did during the embargo phase.
>>>
>>> I've got a proposed fix for this issue in two merge requests, one for
>>> xcb and the other for the X server:
>>>
>>> https://gitlab.freedesktop.org/xorg/lib/libxcb/-/merge_requests/10
>>>
>>> https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/546
>>>
>>> These two changes enable code used on Mac OS X for all other platforms.
>>> This code allows the X listen socket to be placed anywhere in the file
>>> system. Systems which currently place that in /tmp are vulnerable to the
>>> bug reported above. Placing this listen socket in a protected location
>>> should prevent un-privileged applications from spoofing the X server for
>>> the user.
>>>
>>> Patches for ssh will be needed to close the security issue when
>>> forwarding X connections through that.
>>
>> Do those MRs also prevent clients and servers from using abstract
>> sockets? Those are inherently insecure, so support for them should
>> probably just be removed. Additionally, will libX11 also be updated?
>>
>> Sincerely,
>>
>> Demi
>>
>
> Hi!
> Thank you for working on this!
> I'm a bit unsure how this is to be handled on non-Linux systems. FreeBSD
> doesn't have /run/, as suggested as a place for the socket somewhere in the
> thread, for instance. I'm not sure I understand how the socket and related
> files are created, and their life cycle. Does the X server create them on
> startup, or are they created some other way?
> With the proposed changes above, where will sockets be put, at which stage,
> and with which permissions?

That’s up to the display manager. I strongly recommend that other UNIX-like OSs implement XDG_RUNTIME_DIR, for security reasons. That said, in the absence of such a directory, sockets can be put in a subdirectory of the user’s home directory. XDG_RUNTIME_DIR can be implemented without the need for systemd or similar. For instance, one could have a setuid root binary that creates a directory named /var/run/user/$UID and chowns it to the invoking user ID. One could also implement a daemon that does the same task.

> Thank you!

You’re welcome!

> Regards
> --
> Niclas Zeising

Sincerely,

Demi Obenour
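
The per-user runtime directory described in the reply above, as an added example (not code from this thread or from any X.Org project): a helper that a privileged launcher could call to create `<base>/<uid>` and refuse it unless it is a real directory owned by that user with mode 0700. The name `ensure_runtime_dir`, its parameters, and the assumption that `base` is writable only by root are illustrative.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (name and parameters are assumptions): create
 * <base>/<uid> and return an open fd to it, or -1 if it cannot be trusted.
 * Assumes `base` (e.g. /var/run/user) is writable only by root. */
int ensure_runtime_dir(const char *base, uid_t uid)
{
    char path[4096];
    struct stat st;
    int created, fd;
    int n = snprintf(path, sizeof path, "%s/%lu", base, (unsigned long)uid);

    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    created = (mkdir(path, 0700) == 0);
    if (!created && errno != EEXIST)
        return -1;

    /* O_NOFOLLOW refuses a symlink planted at the final component and
     * O_DIRECTORY refuses files, FIFOs and sockets. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* From here on use the fd, so every check and change hits one inode. */
    if (fstat(fd, &st) != 0)
        goto fail;
    if (created) {
        /* A setuid-root caller made the directory as root: hand it over.
         * mkdir's mode is masked by umask, so set 0700 explicitly. */
        if (st.st_uid != uid && fchown(fd, uid, (gid_t)-1) != 0)
            goto fail;
        if (fchmod(fd, 0700) != 0 || fstat(fd, &st) != 0)
            goto fail;
    }
    /* A pre-existing directory is never repaired, only accepted or refused:
     * wrong owner or loose mode means someone else may have populated it. */
    if (st.st_uid != uid || (st.st_mode & 07777) != 0700)
        goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}
```

In a setuid binary `uid` would be the real user ID from `getuid()`, and the returned descriptor can be used with `openat`-style calls so later operations stay on the verified directory.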
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel