
Bug#2082: X11R6: Everybody can remove the contents of /tmp/.X11-unix



Stephen Early writes:
> On Tue, 2 Jan 1996, Peter Tobias wrote:
> > The permissions of the .X11-unix should probably be changed from
> > rwxrwxrwx to a more restrictive mode (maybe with the t bit).
>
> Yes. I think this is a problem in every X installation at the moment. I'm
> wondering whether to have a look through the server source myself, or just
> forward this bug report to the XFree86 people. I haven't received a
> response from them yet about any of the bug reports I've sent to them
> before, so I'm not very hopeful.
>
> Expect slow movement on this problem.

In the meantime, can you please add the sticky bit to the directory
permissions?

Otherwise anyone can snarf your cookie by substituting their own
socket for the real one, and can then talk to the real X server
themselves.

If you *really* want I'll write an exploit script ...

Ian.
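
A defensive check for the condition discussed in this thread, as an added example that is not part of the original messages: it reports whether a socket directory such as /tmp/.X11-unix is world-writable without the sticky bit, and applies the interim mitigation requested above. The function names and verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a socket directory
# such as /tmp/.X11-unix for the permission problem described above.

# check_socket_dir DIR  (hypothetical helper name)
# Prints one verdict and returns: 0 = safe, 1 = unsafe, 2 = not a directory.
#   restricted               other users cannot write to DIR
#   sticky                   world-writable, but only an entry's owner (or
#                            the directory owner / root) may remove or rename it
#   world-writable-no-sticky any local user may remove or replace entries
check_socket_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo missing
        return 2
    fi
    # First 10 characters of `ls -ld` are the type and mode, e.g. drwxrwxrwt.
    # Cutting at 10 drops any trailing ACL/SELinux marker ("+" or ".").
    # -L follows a symlink so the mode is that of the directory itself.
    mode=$(ls -ldL "$dir" | cut -c1-10)
    other_write=$(printf '%s' "$mode" | cut -c9)
    last=$(printf '%s' "$mode" | cut -c10)   # x, -, t (sticky+x) or T (sticky)
    if [ "$other_write" != w ]; then
        echo restricted
        return 0
    fi
    case $last in
        t|T) echo sticky; return 0 ;;
        *)   echo world-writable-no-sticky; return 1 ;;
    esac
}

# add_sticky_bit DIR  (hypothetical helper name)
# The interim mitigation requested in the thread: rwxrwxrwx -> rwxrwxrwt.
add_sticky_bit() {
    chmod +t "$1"
}

# Check every directory named on the command line; exit 1 if any is unsafe.
status=0
for d in "$@"; do
    printf '%s: ' "$d"
    check_socket_dir "$d" || status=1
done
[ "$status" -eq 0 ] || exit 1
```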

