Bug#2082: X11R6: Everybody can remove the contents of /tmp/.X11-unix
Stephen Early writes:
> On Tue, 2 Jan 1996, Peter Tobias wrote:
> > The permissions of the .X11-unix should probably be changed from
> > rwxrwxrwx to a more restrictive mode (maybe with the t bit).
> Yes. I think this is a problem in every X installation at the moment. I'm
> wondering whether to have a look through the server source myself, or just
> forward this bug report to the XFree86 people. I haven't received a
> response from them yet about any of the bug reports I've sent to them
> before, so I'm not very hopeful.
> Expect slow movement on this problem.
In the meantime, can you please add the sticky bit to the directory?
Otherwise anyone can snarf your cookie by substituting their own
socket for the real one, and can then talk to the real X server.
If you *really* want I'll write an exploit script ...
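
An added example, not part of the original bug report or of the X packages: a defensive check for the condition discussed above (a world-writable socket directory with no sticky bit) and the `chmod +t` fix requested in the reply. The function names and the `expected_uid` parameter are assumptions made for illustration.

```python
import os
import stat

def audit_socket_dir(path="/tmp/.X11-unix", expected_uid=0):
    """Return a list of findings for a shared socket directory ([] means OK)."""
    try:
        st = os.lstat(path)  # lstat: never follow a symlink planted at this path
    except FileNotFoundError:
        return ["missing: %s" % path]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a real directory: %s" % path]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != expected_uid:
        findings.append("directory owned by uid %d, expected %d" % (st.st_uid, expected_uid))
    # Without the sticky bit, write permission on the directory lets any user
    # unlink or rename entries they do not own, including the server's socket.
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append("world-writable without sticky bit (mode %04o)" % mode)
    for name in sorted(os.listdir(path)):
        est = os.lstat(os.path.join(path, name))
        if not stat.S_ISSOCK(est.st_mode):
            findings.append("%s is not a socket" % name)
        elif est.st_uid != expected_uid:
            findings.append("%s owned by uid %d, expected %d" % (name, est.st_uid, expected_uid))
    return findings

def add_sticky_bit(path):
    """Same effect as `chmod +t`: keep the existing bits and add the sticky bit."""
    # O_NOFOLLOW | O_DIRECTORY: refuse symlinks and non-directories at open time.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_DIRECTORY)
    try:
        os.fchmod(fd, stat.S_IMODE(os.fstat(fd).st_mode) | stat.S_ISVTX)
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a scratch directory standing in for /tmp/.X11-unix.
    with tempfile.TemporaryDirectory() as base:
        d = os.path.join(base, ".X11-unix")
        os.mkdir(d)
        os.chmod(d, 0o777)  # the mode from the bug report: rwxrwxrwx
        print(audit_socket_dir(d, expected_uid=os.getuid()))
        print("new mode: %04o" % add_sticky_bit(d))
        print(audit_socket_dir(d, expected_uid=os.getuid()))
```

On a system where the X server does not run as root, pass the server's uid as `expected_uid` so the ownership checks match the local setup.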