Thomas Maier-Komor wrote:
Hi,
default permissions for .X11-pipe and .X11-unix seems to be 0775 with ownership
root:root.
This prevents Xnest from running. I saw that in Solaris 2.5.1 the permissions
originally have been 0777 and a patch changed it to 0775. I suspect that there
was no support for the sticky bit in Solaris 2.5.1.
What are the reasons that the permission hasn't been changed to 01777 with more recent versions of Solaris.
We've discussed this a bit internally recently, and 0775 still protects
against some forms of potential attacks that 01777 does not, such as
denial of service by creating files in the directories that other users
cannot remove.
Unfortunately, we haven't come up with a good answer yet that provides
both the same level of security and the flexibility to allow non-setid
X servers like Xnest to function fully.
--
-Alan Coopersmith- [EMAIL PROTECTED]
Sun Microsystems, Inc. - X Window System Engineering
_______________________________________________
opensolaris-discuss mailing list
[email protected]
