Alan Cox: Re: Minor XF86 DoS
The following message was part of a discussion on the Linux security
audit mailing list. It looks like Debian "hamm" (up-to-date package
versions) took the approach of sticky bit, but Alan is right (of
course) - someone can still "block" /tmp/.X11-unix/X0 from being used.
Cheers,
--Amos
--Amos Shapira | "Of course Australia was marked for
133 Shlomo Ben-Yosef st. | glory, for its people had been chosen
Jerusalem 93 805 | by the finest judges in England."
ISRAEL amos@gezernet.co.il | -- Anonymous
------- Forwarded Message
Message-Id: <m0yonfR-000aOnC@the-village.bc.nu>
From: alan@lxorguk.ukuu.org.uk (Alan Cox)
Subject: Re: Minor XF86 DoS
To: mdw@ebi.ac.uk (Mark Wooding)
Date: Wed, 24 Jun 1998 12:24:44 +0100 (BST)
Cc: alan@lxorguk.ukuu.org.uk, wcooley@nakedape.ml.org,
security-audit@ferret.lmh.ox.ac.uk
In-Reply-To: <19980624105403.1705.qmail@catbert.ebi.ac.uk> from "Mark Wooding" at Jun 24, 98 10:54:03 am
Content-Type: text
> terribly wonderful idea. Not all X servers are run as root. For
> example, Xvnc, the VNC server (see http://www.orl.co.uk/vnc/) contains
> an X server the frame buffer of which it makes available via the VNC
> protocol to the user's client software. Making the socket directory
> read-only except by root would prevent users from running VNC servers.
> Sticky bits sound like a more sensible solution to this problem than
> read-only-ness.
Sticky bit leaves DoS attacks (think "mkdir /tmp/.X11-unix/X0"). There
is probably a case for group xserver. Do we have any XFree people here?
------- End of Forwarded Message
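An added audit script for the two conditions argued over in this thread (it is not code from the list, from Debian or from XFree86): it flags a world-writable X socket directory that lacks the sticky bit, and any X<display> name occupied by something other than a Unix socket, which is exactly what Alan's "mkdir /tmp/.X11-unix/X0" leaves behind. It assumes an `ls -l`-style permission string and defaults to /tmp/.X11-unix.

```shell
#!/bin/sh
# check_x11_socket_dir [DIR]
# Audits an X11 socket directory (default /tmp/.X11-unix).
#   1. A world-writable directory must carry the sticky bit (mode 1777);
#      without it any user can unlink another user's display socket.
#   2. Every X<n> entry must be a Unix socket. A directory or plain file
#      squatting on the name keeps the real server from binding that
#      display number (the sticky-bit DoS from the thread).
# Prints one line per finding. Returns 0 when clean, 1 when anything is wrong.
check_x11_socket_dir() {
    dir=${1:-/tmp/.X11-unix}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 1
    fi
    # First ten characters of "ls -ld": type + rwx triplets; a 't'/'T' in
    # the last position is the sticky bit, a 'w' in position 9 is o+w.
    perms=$(ls -ld "$dir" | cut -c1-10)
    case $perms in
        d???????w[tT]) ;;                       # 1777: the expected setting
        d???????w?)
            echo "NO-STICKY: $dir is world-writable without the sticky bit ($perms)"
            rc=1 ;;
        *)
            echo "NOTE: $dir is not world-writable ($perms); only its owner can create displays" ;;
    esac
    for entry in "$dir"/X*; do
        [ -e "$entry" ] || continue             # glob matched nothing
        if [ -S "$entry" ]; then
            continue                            # a real display socket
        elif [ -d "$entry" ]; then
            echo "SQUATTED: $entry is a directory, not a socket: $(ls -ld "$entry")"
            rc=1
        else
            echo "SQUATTED: $entry is not a socket: $(ls -ld "$entry")"
            rc=1
        fi
    done
    return $rc
}
```

Run it as `check_x11_socket_dir` from a root cron job or a login hook to catch a blocked display before a user's X server fails to start.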