[5602] in bugtraq
Re: X Security problem (?)
daemon@ATHENA.MIT.EDU (Matthias Buelow)
Fri Nov 14 11:12:45 1997
Date: Fri, 14 Nov 1997 11:57:15 +0100
Reply-To: Matthias Buelow <token@WICX50.INFORMATIK.UNI-WUERZBURG.DE>
From: Matthias Buelow <token@WICX50.INFORMATIK.UNI-WUERZBURG.DE>
X-To: carlo@RUNAWAY.XS4ALL.NL
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199711140113.CAA09289@jolan.xs4all.nl> from Carlo Wood at "Nov
14, 97 02:13:22 am"
Carlo Wood wrote:
> On my (RedHat4.2) linux box, I find:
>
> /tmp/.X11-unix/X0=
>
> A UNIX domain socket of the X server I assume.
>
> The permissions are:
>
> drwxrwxrwt 3 root root 1024 Nov 14 01:38 /tmp/
> drwxrwxrwx 2 root users 1024 Nov 14 01:56 /tmp/.X11-unix/
^
The problem is obviously the missing sticky bit.
I looked on DEC Unix 4.0 and it's got the sticky bit set for .X11-unix.
On the RedHat system here, the sticky bit is NOT set.
Perhaps it's a generic XFree86 problem, I haven't had the chance to look
at a different x86-Unix (for ex. BSD) so far that uses XFree86.
--
Matthias Buelow "3 syncs represent the trinity - init, the child and the
eternal zombie process." -- Jordan Hubbard
* Boycott Micro$oft - see http://www.vcnet.com/bms/ *
