denial of service attack for X/esound?
(won't work if anything has already started X including gdm/wdm/xdm
since the last boot).
1. Login as user X.
2. touch /tmp/.X11-unix
3. Login as user Y.
4. Run startx.
5. Since the socket could not be created under /tmp/.X11-unix, clients
will fail to connect. Only a reboot, root, or user X can fix the problem.
For the record, here is the error I get:
_X11TransSocketUnixConnect: Can't connect: errno = 20
I have reported a similar bug for esound's usage of /tmp/.esd (which
IMHO is worse, as only one socket name under /tmp/.esd can be used).
Note: attack for X might also be possible by the other user creating a
directory and restricting access, I haven't tested this in detail yet
I hope this isn't already known, but I looked up the BTS and couldn't
find anything. I haven't yet filled a bug against X, as I am not sure
what package to file the bug against...
Brian May <email@example.com>