Alan Coopersmith <[email protected]> writes:

> Since this is now public, we can open up the discussion of how to fix it in
> public as well, and hope we can make more progress than the security list
> did during the embargo phase.
I've got a proposed fix for this issue in two merge requests, one for
xcb and the other for the X server:
https://gitlab.freedesktop.org/xorg/lib/libxcb/-/merge_requests/10
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/546
These two changes enable code used on Mac OS X for all other platforms.
This code allows the X listen socket to be placed anywhere in the file
system. Systems which currently place that in /tmp are vulnerable to the
bug reported above. Placing this listen socket in a protected location
should prevent un-privileged applications from spoofing the X server for
the user.
Patches for ssh will be needed to close the security issue when
forwarding X connections through that.
--
-keith
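An added check, not code from either merge request or from this thread, written from the defender's side: it inspects where a display's listen socket lives and whether the directory around it lets other local users pre-create or replace the entry, which is the condition the reply above ties to placing the socket in /tmp. The path /tmp/.X11-unix/X<n> is the conventional one; what counts as a "protected location" (directory owned by root or the server's user, not writable by others) is this example's assumption, and the PathInfo type exists only so the logic can run on constructed data without a live X server.

```python
"""Audit the location of an X listen socket for local spoofing risk.

Added example; the 'protected location' rules below are assumptions
for illustration, not the criteria used by the xserver/libxcb patches.
"""
import os
import stat
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PathInfo:
    """Minimal subset of stat() so the checks can run on constructed data."""
    path: str
    uid: int
    mode: int  # full st_mode, file-type bits included


def assess_listen_socket(sock: PathInfo, parent: PathInfo, expected_uid: int) -> List[str]:
    """Return a list of findings; an empty list means the location looks protected.

    Assumed rules:
    - the entry must be a socket owned by the X server's user
    - its directory must be owned by root or that user
    - its directory must not be writable by other users; a sticky
      world-writable directory (like /tmp) is still flagged, because any
      local user can create the socket name first
    """
    findings = []
    if not stat.S_ISSOCK(sock.mode):
        findings.append(f"{sock.path}: not a socket")
    if sock.uid != expected_uid:
        findings.append(f"{sock.path}: owned by uid {sock.uid}, expected {expected_uid}")
    if parent.mode & stat.S_IWOTH:
        if parent.mode & stat.S_ISVTX:
            findings.append(f"{parent.path}: world-writable (sticky): "
                            "any local user can pre-create the socket name")
        else:
            findings.append(f"{parent.path}: world-writable without sticky bit: "
                            "any local user can replace the socket")
    if parent.uid not in (0, expected_uid):
        findings.append(f"{parent.path}: owned by uid {parent.uid}, "
                        f"neither root nor {expected_uid}")
    return findings


def stat_path(path: str) -> PathInfo:
    """Read the fields we need from the live filesystem (lstat, so a symlink is not followed)."""
    st = os.lstat(path)
    return PathInfo(path, st.st_uid, st.st_mode)


def check_display(display: int = 0, expected_uid: Optional[int] = None) -> List[str]:
    """Inspect the conventional Unix-socket path for DISPLAY :<display> on this host."""
    sock_path = f"/tmp/.X11-unix/X{display}"
    if expected_uid is None:
        expected_uid = os.getuid()
    try:
        sock = stat_path(sock_path)
        parent = stat_path(os.path.dirname(sock_path))
    except FileNotFoundError as e:
        return [f"{e.filename}: not present"]
    return assess_listen_socket(sock, parent, expected_uid)


if __name__ == "__main__":
    for line in check_display() or ["no findings"]:
        print(line)
```

Run it as the user who owns the session to see whether the current socket placement would be flagged; the same function applied to a directory under a per-user, non-world-writable path returns nothing, which is the situation the merge requests aim to make possible on non-Mac platforms.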
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel
