On 11/22/06, Alan Coopersmith <alan.coopersmith at sun.com> wrote:
>
> Thomas Maier-Komor wrote:
> > Hi,
> >
> > default permissions for .X11-pipe and .X11-unix seem to be 0775 with ownership root:root.
> >
> > This prevents Xnest from running. I saw that in Solaris 2.5.1 the permissions originally have been 0777 and a patch changed it to 0775. I suspect that there was no support for the sticky bit in Solaris 2.5.1.
> >
> > What are the reasons that the permission hasn't been changed to 01777 with more recent versions of Solaris?
>
> We've discussed this a bit internally recently, and 0775 still protects
> against some forms of potential attacks that 01777 does not, such as
> denial of service by creating files in the directories that other users
> cannot remove.
>
> Unfortunately, we haven't come up with a good answer yet that provides
> both the same level of security and the flexibility to allow non-setid
> X servers like Xnest to function fully.
>

Is there any particular reason why Xnest can't be setgid root? (I've always run Xvnc setgid root to solve this problem.)

-- 
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
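
The trade-off discussed in this thread, as an added example that is not part of the original messages: a simplified model of directory permission checks comparing 0775, 01777 and 0777 on a root:root socket directory. The account names, uids and gids are hypothetical, and ACLs and platform-specific sticky-bit exceptions are ignored.

```python
import stat
from collections import namedtuple

# Constructed model, not taken from Solaris sources: classic owner/group/other
# bits plus the sticky bit. ACLs and platform-specific exceptions are ignored.
Dir = namedtuple("Dir", "mode uid gid")
Cred = namedtuple("Cred", "uid gids")   # effective uid, set of effective gids

def can_modify(d, c):
    """Creating or removing an entry needs write+search on the directory."""
    if c.uid == 0:
        return True
    if c.uid == d.uid:
        bits = d.mode >> 6
    elif d.gid in c.gids:
        bits = d.mode >> 3
    else:
        bits = d.mode
    return bits & 0o3 == 0o3            # w (2) and x (1) both set

def can_remove(d, c, entry_owner):
    """Sticky bit: only the entry's owner, the directory owner or root may unlink."""
    if not can_modify(d, c):
        return False
    if d.mode & stat.S_ISVTX and c.uid != 0:
        return c.uid in (entry_owner, d.uid)
    return True

# Hypothetical accounts: two ordinary users and an X server started setgid root.
ALICE = Cred(1001, {10})
BOB = Cred(1002, {10})
ALICE_SETGID = Cred(1001, {10, 0})

def assess(mode):
    d = Dir(mode, 0, 0)                  # root:root, as in the thread
    return {
        # Can a non-setid server such as Xnest create its socket?
        "plain_user_can_create": can_modify(d, ALICE),
        # Can the same server create it when installed setgid root?
        "setgid_root_can_create": can_modify(d, ALICE_SETGID),
        # Can BOB pre-create a name that ALICE then cannot remove?
        "squatter_entry_unremovable": can_modify(d, BOB)
            and not can_remove(d, ALICE, entry_owner=BOB.uid),
        # Can BOB delete a socket that ALICE created?
        "user_can_remove_others_socket": can_remove(d, BOB, entry_owner=ALICE.uid),
    }

if __name__ == "__main__":
    for mode in (0o775, 0o1777, 0o777):
        print(oct(mode), assess(mode))
```
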
