Re: (forw) gksu security bug? (xauth visible to all users)

[Gustavo Noronha Silva]

Em Thu, 13 Nov 2003 09:03:22 -0500, "Paul D. Smith" <address@hidden> escreveu:

> %% Gustavo Noronha Silva <address@hidden> writes:
> 
>   gns> I think, now, that the best way of handling this issue will be
>   gns> having a simple setuid binary, so that I can create the
>   gns> .Xauthority file myself and have it fix the permissions if the
>   gns> target user is not root, or something.
> 
> I don't understand why you need to do this.

Basically, the 'target user' may be != root. For root, only, that is
not a problem.

> That is why in my xsudo script, for example, I pipe the cookie to xauth
> through stdin rather than putting it on the command line:
> 
>   #!/bin/sh
>   xauth nlist $DISPLAY | XAUTHORITY=/tmp/.gksu-XXXXX/.Xauth xauth nmerge -
>   XAUTHORITY=/tmp/.gksu-XXXXX/.Xauth sudo synaptic
>   rm -rf /tmp/.gksu-XXXXX

Yes, the problem here lies on how to make .Xauth only readable for the
target user... I'm thinking about this with some other friends and maybe
we can fix this today.

[]s!

-- 
address@hidden: Gustavo Noronha <http://people.debian.org/~kov>
Debian:  <http://www.debian.org>  *  <http://www.debian-br.org>
  "Não deixe para amanhã, o WML que você pode traduzir hoje!"
        http://debian-br.alioth.debian.org/?id=WebWML