This is the mail archive of the
cygwin-xfree@cygwin.com
mailing list for the Cygwin XFree86 project.
errors when switching users (security hole?)
- From: "Kris Thielemans" <kris dot thielemans at csc dot mrc dot ac dot uk>
- To: "Cygwin-Xfree" <cygwin-xfree at cygwin dot com>
- Cc: "Kris Thielemans" <kris dot thielemans at csc dot mrc dot ac dot uk>
- Date: Tue, 24 Feb 2004 12:46:44 -0000
- Subject: errors when switching users (security hole?)
- Reply-to: cygwin-xfree at cygwin dot com
Hi
I was trying to use Windows XP's 'switch user' feature and get rather
amazing results. Here is what I did
- logged in as account 1 (has admin privs), started XFree there (using
startxwin.bat)
- switched to another user ('limited privs'), started Xfree there (using
startxwin.bat)
I get error messages relating to /tmp/.X11-unix (permission denied).
If you check startxwin.bat, this is indeed a problem. Every user/session
will use the same filename. my 2nd user does not have permission to mess
around with the /tmp/.X11-unix created by the first user, so it has
problems.
Maybe this can be fixed by using /tmp/$USER/.X11-unix or so. But maybe you
do not want it to be fixed (see below).
However, now comes the weird thing.
I then switched back to account 1. And it has a new Xterm open, which seems
to be owned by user 2 (that is 'id -un' reports user 2)! I did not really
check if it has all relevant permissions and so on but it's pretty scary
anyway!
Do you think user switching could be supported by XFree? (Don't worry if you
say no. It's not a life-saving requirement for me!)
Versions: XP sp1, cygwin 1.5.7-1, XFree 4.3.0-1
(Please CC to my own email)
Kris Thielemans
(kris.thielemans <at> imperial.ac.uk)
Hammersmith Imanet (formerly IRSL)
Cyclotron Building
Hammersmith Hospital
Du Cane Road
London W12 ONN, United Kingdom