This is the mail archive of the
cygwin-xfree@cygwin.com
mailing list for the Cygwin XFree86 project.
RE: XWin and multiple users
- From: "Kris Thielemans" <kris dot thielemans at csc dot mrc dot ac dot uk>
- To: <cygwin-xfree at cygwin dot com>
- Cc: <salomo3 at cooper dot edu>
- Date: Mon, 24 May 2004 13:49:52 +0100
- Subject: RE: XWin and multiple users
- Reply-to: cygwin-xfree at cygwin dot com
>
> user startup $DISPLAY file in /tmp
> -----------------------------------------------------------
> Alice XWin :0 $OPTIONS localhost:0.0 /tmp/.X11-unix/X0
> Bob XWin :1 $OPTIONS localhost:1.0 /tmp/.X11-unix/X1
thanks!
this brings me to the security scare that I mentioned a few months ago.
Isn't it a bit strange/unsafe that /tmp/.X11-unix/X0 has read/write
permissions for everybody? I observed that user A can (accidentally) launch
an xterm on the display of user B (who launched XWin with that display), and
so expose everything he (i.e. user A) has on that machine. Worse, he could
maliciously put some X stuff on the display of the other. (Maybe even read
some stuff?)
why not set /tmp/.X11-unix/X0 etc to owner access only?
Kris