Re: (forw) gksu security bug? (xauth visible to all users)
From: Gustavo Noronha Silva
Subject: Re: (forw) gksu security bug? (xauth visible to all users)
Date: Thu, 13 Nov 2003 13:10:48 -0200
On Thu, 13 Nov 2003 09:03:22 -0500, "Paul D. Smith" <address@hidden> wrote:
> %% Gustavo Noronha Silva <address@hidden> writes:
>
> gns> I think, now, that the best way of handling this issue will be
> gns> having a simple setuid binary, so that I can create the
> gns> .Xauthority file myself and have it fix the permissions if the
> gns> target user is not root, or something.
>
> I don't understand why you need to do this.
Basically, the 'target user' may be != root. For root, only, that is
not a problem.
> That is why in my xsudo script, for example, I pipe the cookie to xauth
> through stdin rather than putting it on the command line:
>
> #!/bin/sh
> xauth nlist $DISPLAY | XAUTHORITY=/tmp/.gksu-XXXXX/.Xauth xauth nmerge -
> XAUTHORITY=/tmp/.gksu-XXXXX/.Xauth sudo synaptic
> rm -rf /tmp/.gksu-XXXXX
Yes, the problem here lies in how to make .Xauth only readable for the
target user... I'm thinking about this with some other friends and maybe
we can fix this today.
[]s!
--
address@hidden: Gustavo Noronha <http://people.debian.org/~kov>
Debian: <http://www.debian.org> * <http://www.debian-br.org>
"Don't leave for tomorrow the WML you can translate today!"
http://debian-br.alioth.debian.org/?id=WebWML
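Added example, not part of the original message: the stdin-piping approach quoted above, with the temporary directory created by `mktemp -d` under a restrictive umask and a check that neither the directory nor the `.Xauth` file grants anything to group or other. The function names are hypothetical, and it covers only the case where the target user is root; handing the file to a non-root target requires a privileged ownership change, which is the open problem in this thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from gksu or xsudo.

# Create a private (0700) directory and print its path.
make_private_dir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/.gksu-XXXXXX" )
}

# Merge the current display's cookie into $1/.Xauth.
# The cookie travels over a pipe, so it never shows up in a process
# argument list that other users could read with ps.
copy_cookie() {
    ( umask 077
      xauth nlist "$DISPLAY" | XAUTHORITY="$1/.Xauth" xauth nmerge - )
}

# Succeed only if $1 and $1/.Xauth exist and grant no group/other access.
# Characters 5-10 of the ls mode string are the group and other bits.
is_private() {
    for p in "$1" "$1/.Xauth"; do
        [ -e "$p" ] || return 1
        [ "$(ls -ld "$p" | cut -c5-10)" = "------" ] || return 1
    done
}

# Run a command as root with access to the display, then clean up.
# Assumes sudo passes XAUTHORITY through to the command.
xsudo() {
    dir=$(make_private_dir) || return 1
    copy_cookie "$dir" && is_private "$dir" &&
        XAUTHORITY="$dir/.Xauth" sudo "$@"
    status=$?
    rm -rf "$dir"
    return $status
}
```
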