On Tue, 3 Jan 2006, Dave Feustel wrote:
> On Tuesday 03 January 2006 17:50, Otto Moerbeek wrote:
> >
> > On Tue, 3 Jan 2006, Dave Feustel wrote:
> >
> > > On Tuesday 03 January 2006 17:11, J.C. Roberts wrote:
> > >
> > > > The rule of thumb for granting privileges is simple; avoid granting
> > > > permissions whenever possible.
> > >
> > > Check the ownership/privileges on /tmp/.X11-unix/X0 after you start kde
> > > or Xorg.
> >
> > Come on, this is a unix domain socket, as has been pointed out before.
> > You keep on repeating this nonsense. Having a world writable socket is
> > not a problem in itself. X has its own authentication/authorization
> > scheme, which is used both for unix domain sockets and tcp sockets.
>
> I confess that I do not understand the ramifications of the world rw+suid
> permissions on this socket. I do wonder why this socket has world rw when
> it seems to work equally well after I do a chmod 4700 on it at the beginning
> of every kde session. Do not the permissions applied to this socket violate
> the principle of least privilege mentioned above?

It does not have suid permissions. This clearly shows you understand
little about permissions. Hint: it's a socket, starting with an 's'.
The principle is not violated, because having the socket writable for
others has its uses, maybe?

-Otto
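
The distinction drawn in the reply above, between the leading 's' that marks the socket file type and the setuid bit, shown as an added example that is not part of the original thread. The temporary socket path and the helper names (`describe_mode`, `make_socket`, `inspect_socket`) are constructed for illustration.

```python
import os
import socket
import stat
import tempfile


def describe_mode(st_mode):
    """Split an st_mode value into file-type and permission facts."""
    return {
        # Same string `ls -l` prints; position 0 is the file TYPE.
        "ls_string": stat.filemode(st_mode),
        "is_socket": stat.S_ISSOCK(st_mode),
        # setuid is a permission bit (04000), unrelated to the type field.
        "setuid": bool(st_mode & stat.S_ISUID),
        "world_rw": (st_mode & 0o006) == 0o006,
        "perm_octal": oct(stat.S_IMODE(st_mode)),
    }


def make_socket(mode):
    """Bind a throwaway Unix domain socket (constructed path) and chmod it."""
    directory = tempfile.mkdtemp()
    path = os.path.join(directory, "X0")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, mode)
    return srv, path


def inspect_socket(mode):
    """Create a socket with the given mode, describe it, then clean up."""
    srv, path = make_socket(mode)
    try:
        return describe_mode(os.lstat(path).st_mode)
    finally:
        srv.close()
        os.unlink(path)
        os.rmdir(os.path.dirname(path))


if __name__ == "__main__":
    # World-writable socket: leading 's' is the type, no setuid bit set.
    print(inspect_socket(0o777))
    # Constructed mode value: socket type plus the bits `chmod 4700` sets.
    # Here setuid shows up as 's' in the owner-execute slot, not position 0.
    print(describe_mode(stat.S_IFSOCK | 0o4700))
```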