[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: userspace servers and /tmp/.X11-unix permissions/owners



On Tue, Nov 05, 2002 at 04:04:19PM -0800, Chris Waters wrote:
> So, when I tried to run startx, I got a complaint that the permissions
> on /tmp/.X11-unix were "suspicious".  Turns out that the permissions
> were fine ("drwxrwxrwt"), but the dir was owned by "aaron:aaron",
> rather than "root:root".

There's a different error message for that:

    if ((statbuf.st_uid != 0) || (statbuf.st_gid != 0)) {
      (void) fprintf(stderr, "X: %s has suspicious ownership (not root:root), aborting.\n", X_SOCKET_DIR);
      exit(1);
    }

    if (statbuf.st_mode != (S_IFDIR | X_SOCKET_DIR_MODE)) {
      (void) fprintf(stderr, "X: %s has suspicious mode (not %o) or is not a directory, aborting.\n", X_SOCKET_DIR, X_SOCKET_DIR_MODE);
      exit(1);
    }

Is there something wrong with my code?  Why do you think you didn't see
the former message?

> So, I was wondering: is there a reason that the XFree86 server can't
> just chown the directory, in the case where the permissions are fine
> but the owner is wrong?  Because otherwise, there seems to be an
> impasse of sorts.

Symlink attacks.

-- 
G. Branden Robinson                |     You could wire up a dead rat to a
Debian GNU/Linux                   |     DIMM socket and the PC BIOS memory
branden@debian.org                 |     test would pass it just fine.
http://people.debian.org/~branden/ |     -- Ethan Benson

Attachment: pgpBm4fMKej7a.pgp
Description: PGP signature


Reply to: