This is the mail archive of the cygwin-xfree@cygwin.com mailing list for the Cygwin XFree86 project.



RE: XWin and multiple users


>
> user    startup           $DISPLAY       file in /tmp
> -----------------------------------------------------------
> Alice   XWin :0 $OPTIONS  localhost:0.0  /tmp/.X11-unix/X0
> Bob     XWin :1 $OPTIONS  localhost:1.0  /tmp/.X11-unix/X1

Thanks!

This brings me to the security scare that I mentioned a few months ago.
Isn't it a bit strange/unsafe that /tmp/.X11-unix/X0 has read/write
permissions for everybody? I observed that user A can (accidentally) launch
an xterm on the display of user B (who launched XWin with that display), and
so expose everything he (i.e. user A) has on that machine. Worse, he could
maliciously put some X stuff on the display of the other. (Maybe even read
some stuff?)

Why not set /tmp/.X11-unix/X0 etc. to owner access only?

Kris
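
The permission check raised in the message above, as an added example that is not part of the original post or of the Cygwin/XFree86 project: it lists each `X<n>` entry under `/tmp/.X11-unix` and reports whether any group or other permission bit is set, that is, whether the entry is anything other than "owner access only". The function and field names are hypothetical, and it inspects file mode bits only; whether those bits actually gate connections depends on the platform (on Linux, connecting to a pathname socket requires write permission on the socket file).

```python
import os
import re
import stat
import sys

X_SOCKET_DIR = "/tmp/.X11-unix"         # directory named in the message
DISPLAY_NAME = re.compile(r"^X(\d+)$")  # X0 -> display :0, X1 -> display :1


def audit_x_sockets(directory=X_SOCKET_DIR):
    """Return one dict per X<n> entry, sorted by display number.

    'beyond_owner' is True when any group/other permission bit is set,
    i.e. the entry is not restricted to its owner.
    """
    findings = []
    for name in os.listdir(directory):
        match = DISPLAY_NAME.match(name)
        if not match:
            continue  # ignore anything that is not an X<n> entry
        path = os.path.join(directory, name)
        st = os.lstat(path)  # lstat: do not follow a symlink placed in /tmp
        mode = stat.S_IMODE(st.st_mode)
        findings.append({
            "display": int(match.group(1)),
            "path": path,
            "owner_uid": st.st_uid,
            "mode": mode,
            "is_socket": stat.S_ISSOCK(st.st_mode),
            "beyond_owner": bool(mode & (stat.S_IRWXG | stat.S_IRWXO)),
        })
    return sorted(findings, key=lambda f: f["display"])


def main(argv):
    directory = argv[1] if len(argv) > 1 else X_SOCKET_DIR
    if not os.path.isdir(directory):
        print(f"{directory}: not present, nothing to audit")
        return 0
    exposed = 0
    for f in audit_x_sockets(directory):
        verdict = "OPEN TO OTHER USERS" if f["beyond_owner"] else "owner only"
        kind = "socket" if f["is_socket"] else "not a socket"
        print(f"display :{f['display']}  {f['path']}  uid={f['owner_uid']}  "
              f"mode={f['mode']:04o}  {kind}  {verdict}")
        exposed += f["beyond_owner"]
    return 1 if exposed else 0  # non-zero exit when any entry is exposed


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```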

