XWin and multiple users
Kris Thielemans
kris.thielemans@csc.mrc.ac.uk
Mon May 24 14:35:00 GMT 2004
>
> user startup $DISPLAY file in /tmp
> -----------------------------------------------------------
> Alice XWin :0 $OPTIONS localhost:0.0 /tmp/.X11-unix/X0
> Bob XWin :1 $OPTIONS localhost:1.0 /tmp/.X11-unix/X1
thanks!
this brings me to the security scare that I mentioned a few months ago.
Isn't it a bit strange/unsafe that /tmp/.X11-unix/X0 has read/write
permissions for everybody? I observed that user A can (accidentally) launch
an xterm on the display of user B (who launched XWin with that display), and
so expose everything he (i.e. user A) has on that machine. Worse, he could
maliciously put some X stuff on the display of the other. (Maybe even read
some stuff?)
why not set /tmp/.X11-unix/X0 etc to owner access only?
Kris
More information about the Cygwin-xfree
mailing list