Re: X11 cookie hijacker

From: Alan Cox (alanat_private)
Date: Tue Nov 03 1998 - 18:53:29 PST


    > Both of these require all X servers (and servers for the other services
    > you mention later) run with sufficient privileges.  The first opens up
    > a DoS for servers that don't have sufficient privileges.  XFree86, for
    > example, ships with three "servers" that are not normally run with
    > sufficient privileges (lbxproxy, Xnest, Xvfb).
    
    I'd rather have my Xservers setgid X11 than totally insecure. There are
    neat Linux solutions with the non fs name space but setgid X11 appears to
    be the requirement for safe server side creation.
    
    Is setgid X11 a problem, given the worst gaining it can do is to leave you
    back where we are right now?
    


