On Tuesday 27 December 2005 11:05, Otto Moerbeek wrote:
> 
> On Tue, 27 Dec 2005, Dave Feustel wrote:
> 
> > by KDE are root-owned and world rw. There is also a problem with the socket
> > /tmp/.X11-unix/X0. This is documented on the web and even in an OpenBSD
> > presentation on XFree86 from about 2002.
> 
> Dunno about KDE but can you elaborate or give refs why having a world
> writable unix domain socket is considered a problem?

Here is a presentation of XFree86 security issues that I found yesterday
that seems to be relevant. X0 permissions are specifically addressed. I am 
definitely having fewer (if any) problems after several times rm'ing the tmp 
files associated with Xorg and KDE. I've done it with no problems except 
when I do it while KDE is running. Then DCOP dies. The most reliable way
of reactivating DCOP correctly is (right now) to reboot KDE.

http://www.openbsd.org/papers/xf86-sec.pdf
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"
