Re: X11 cookie hijacker

From: Willy TARREAU (tarreauat_private)
Date: Wed Nov 04 1998 - 00:58:21 PST

Next message: Darren J Moffat - Enterprise Services OS Product Support Group: "Re: Bug in Solaris 2.6 ???"

Previous message: Rich Kulawiec: "Re: 10th anniversary of the Internet Worm"
Maybe in reply to: Pavel Kankovsky: "X11 cookie hijacker"
Next in thread: Casper Dik: "Re: X11 cookie hijacker"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Potential solutions:
>
> - set the sticky bit on /tmp/.X11-unix, make sure the bit stays there

the sticky bit doesn't always prevent some DoS. A few years ago, I used
to reserve a workstation for myself so that nobody else could start X on it;
when noone uses X11 and /tmp/.X11-unix is empty :

  mkdir /tmp/.X11-unix/X0
  touch /tmp/.X11-unix/X0/no-delete
  chmod 0 /tmp/.X11-unix/X0

then it is impossible to create the socket X0, because of the X0 directory
which is undeletable (not empty). The other solutions you proposed should
work, I think.

>
> --Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
> "You can't be truly paranoid unless you're sure they have already got you."
>
>

                                        Willy

Next message: Darren J Moffat - Enterprise Services OS Product Support Group: "Re: Bug in Solaris 2.6 ???"
Previous message: Rich Kulawiec: "Re: 10th anniversary of the Internet Worm"
Maybe in reply to: Pavel Kankovsky: "X11 cookie hijacker"
Next in thread: Casper Dik: "Re: X11 cookie hijacker"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:00 PDT